Box Cracked ( Was: thank's )
bob.smith at kolumbus.fi
Sun Oct 21 05:33:48 UTC 2007
Les Mikesell <lesmikesell at gmail.com> wrote:
> bob.smith at kolumbus.fi wrote:
> >>
> >> Something strange in those scripts? Something that led you to think
> >> you have a rootkit installed?
> >>
> >>
> > I do this to get to know the system. I have been cracked many times and,
> > quite honestly, have had enough of it. Either I get to know my system deep
> > down, or I run the box online all day, all night, without protection.
>
> The software included in the distro is fairly secure if you keep it up
> to date with frequent 'yum update' runs. If you have been cracked 'many
> times' it is likely to be because you have weak passwords that someone
> is guessing through ssh, or you haven't kept the system up to date as
> new exploits are discovered and fixed, or you have added 3rd party or
> your own programs (like a lot of php web stuff...) that are insecure and
> haven't kept them up to date.
>
> --
> Les Mikesell
> lesmikesell at gmail.com
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
> > The rootkit designs I saw were aimed at the kernel for some reason.
> > Nowhere could I find mention of a Linux rootkit.
> >
>
> FWIW, I've been running rkhunter on Unix and Linux systems for several
> years, on a regular basis. I also occasionally run chkrootkit, but
> I like rkhunter better. It checks for more than 100 rootkits and
> trojans: <http://www.rootkit.nl/projects/rootkit_hunter.html>
>
> And it checks md5 values for a number of files, in the easiest case
> against the rpm db. e.g. rkhunter -c --pkgmgr rpm
>
> Regards,
> Doug Wyatt
>
hi,
Well, I found rkhunter, ran it, and it did output a few warnings. Now... I feel more comfortable knowing about rkhunter, which I did not know about before this thread.
A good thing would be to (for each distro) somehow document what is normal on a default installation (if such a thing exists). For example, the numerous Unix sockets in use on my box worried me a lot. Of course, as someone mentioned, they "don't leave the system", but that didn't occur to me.
Regarding the /tmp directory, there is an entry /tmp/keyring-something. Does anyone know what the term keyring means in the security context?
Thank you for your advice and help.
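Doug's `rkhunter -c --pkgmgr rpm` compares file hashes against the RPM database; the same check can be run directly with `rpm -Va`, whose output needs triage because config files are expected to differ from the package. The script below is an added example (not from this thread, rkhunter or rpm) that classifies constructed `rpm -Va` lines: a digest change ('5' in the third flag column) or a mode change on a non-config file is flagged as suspicious, while config-file edits and mtime-only drift are marked as expected.

```shell
#!/bin/sh
# Triage of `rpm -Va` output (added example; not rkhunter's code).
# Each line is a 9-character flag field, one char per test:
#   S size  M mode  5 digest  D device  L link  U user  G group
#   T mtime  P capabilities  ('.' = passed, '?' = not checked),
# then an optional attribute letter (c = config, d = doc, ...)
# and the path.  The word "missing" replaces the flags when the
# file is gone.  Real use:  rpm -Va 2>/dev/null | triage_rpm_verify

# Constructed sample lines, not taken from a real system.
SAMPLE='S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/bin/vim
S.5....T.    /usr/bin/ssh
..5......    /usr/sbin/sshd
missing      /usr/lib64/libexample.so.1
.M.......    /usr/bin/ping'

# classify_line FLAGS ATTR -> prints expected | suspicious | missing
classify_line() {
    flags=$1; attr=$2
    if [ "$flags" = "missing" ]; then
        echo "missing"; return
    fi
    # Locally edited config files are normal, not a rootkit sign.
    if [ "$attr" = "c" ]; then
        echo "expected"; return
    fi
    case "$flags" in
        ??5*) echo "suspicious" ;;   # content differs from the package
        ?M*)  echo "suspicious" ;;   # permission bits changed (e.g. setuid)
        *)    echo "expected"   ;;   # mtime/owner-only drift, prelink, etc.
    esac
}

# Read verify lines on stdin, emit "<class>\t<flags>\t<path>" per line.
triage_rpm_verify() {
    while read -r flags f2 f3; do
        [ -z "$flags" ] && continue
        if [ -n "$f3" ]; then attr=$f2; path=$f3; else attr=""; path=$f2; fi
        printf '%s\t%s\t%s\n' "$(classify_line "$flags" "$attr")" "$flags" "$path"
    done
}

# Number of lines worth a manual look (compare against a clean install).
count_suspicious() {
    triage_rpm_verify | grep -c '^suspicious' || true
}

printf '%s\n' "$SAMPLE" | triage_rpm_verify
```

A "missing" library or a digest change on a binary under /usr/bin or /usr/sbin is what rkhunter's package-manager mode is looking for; a diff against the same command run on a freshly installed box answers the "what is normal" question raised above.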