brute force ssh attack

John Wendel john.wendel at metnet.navy.mil
Thu Apr 28 17:38:29 UTC 2005


William Hooper wrote:
> 
> Well, the question asked would be nice:
> "Thus it has some method of getting root privileges."
> 
> The response:
> "Inexperienced sysadmins."
> 
> The quote showing that was the case:
> "Daniel Kirsten wrote:
> 'Yesterday, I examined the directory ~daikanyama/.undernet and probably I
> executed mech as root. The file mech is indeed infected by Linux/Rst-B.
> This explains everything.......'
> 
> So the "method of getting root privileges" is "regular users of their own
> machines" running random executables (like the ones downloaded by a script
> kiddie) as root.
> 
> I'm interested in hearing how you would like to close this vulnerability.
> 
> --
> William Hooper
> 

I should probably keep quiet, but I don't really mind looking like a fool.

I'm an "inexperienced sysadmin" for my Linux boxes, and I have 
destroyed a few by doing stupid things, like running an untested 
script (that I wrote) as root that deleted all the files in /etc.

What I'd really like is for system files to be mounted read only. 
Maybe by having a hardware switch that makes the system disk read 
only. Booting from a DVD that contained everything except /var, /tmp, 
and /home would be another alternative. This of course requires that 
everyone cleans up their code to only update files in /var, instead of 
writing in /etc.

I'm sure some smart people have already worked out the details for a 
system like this. Anyone aware of this kind of work? I'd be interested 
in seeing it.

Thanks,

John Wendel
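
The layout described in the message above (system files read-only; /var, /tmp and /home writable) can be checked against a mount table. This is an added example, not part of the original post; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a mount table (in /proc/mounts format) against the
# layout proposed in the post. Function names here are hypothetical.

# mount_mode TABLE PATH -> prints "ro" or "rw" for the filesystem holding PATH.
# TABLE columns: device mountpoint fstype options dump pass
mount_mode() {
    awk -v p="$2" '
        {
            mp = $2
            # A mount covers p if it is "/", p itself, or a parent directory of p.
            covers = (mp == "/" || p == mp || index(p, mp "/") == 1)
            # Longest covering mount point wins; a later entry overrides an equal one.
            if (covers && length(mp) >= best) {
                best = length(mp)
                n = split($4, o, ",")
                mode = "rw"
                for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            }
        }
        END { print (mode == "" ? "unknown" : mode) }
    ' "$1"
}

# audit_layout [TABLE] -> one line per path; returns 1 if any path deviates.
audit_layout() {
    table=${1:-/proc/mounts}
    rc=0
    for want in /:ro /etc:ro /var:rw /tmp:rw /home:rw; do
        path=${want%%:*}
        expect=${want##*:}
        got=$(mount_mode "$table" "$path")
        if [ "$got" = "$expect" ]; then status=ok; else status=MISMATCH; rc=1; fi
        printf '%-6s expected=%s actual=%s %s\n' "$path" "$expect" "$got" "$status"
    done
    return $rc
}

# Constructed sample: root on read-only optical media, writable data partitions.
sample_mounts() {
    printf '%s\n' \
        '/dev/sr0 / iso9660 ro 0 0' \
        '/dev/sda1 /var ext3 rw,noatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' \
        '/dev/sda2 /home ext3 rw,nosuid 0 0'
}

# Audit the running system only when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then audit_layout /proc/mounts; fi
```

A read-only mount only protects against accidental or scripted writes while it stays read-only; root can remount it read-write unless the medium itself is not writable, which is what the hardware switch and DVD ideas in the message address.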




More information about the fedora-list mailing list