[K12OSN] K12LTSP 4.2.4EL planning... how stable?
Paul Lemke
lists at paulandmichelle.net
Thu Sep 7 15:40:38 UTC 2006
I’d suggest installing “fail2ban”. It will monitor your log files for failed attempts at login and ban the IP at the firewall level for a set amount of time.
http://fail2ban.sourceforge.net/
_____
From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com] On Behalf Of Mark Gumprecht
Sent: Thursday, September 07, 2006 10:38 AM
To: Support list for open source software in schools.
Subject: Re: [K12OSN] K12LTSP 4.2.4EL planning... how stable?
I too was cracked, but it was caused by weak passwords by users. I ran rkhunter and it didn't find anything. The root wasn't compromised, but a user was. The cracker created a directory of " " in /tmp, which obviously doesn't show up. I'm reloading for piece of mind.
As far as 4.2.x, I think it would be nice to have the ability to update from newer files, but not as a defacto update, different repository that could be enabled in apt or yum or up2date maybe?
Mark
Les Mikesell wrote:
On Tue, 2006-09-05 at 16:46, Doug Simpson wrote:
I wouldn't do automatic updates either, but I do update
often and am not aware of any recent new Centos vulnerabilities.
Do you have any idea what happened?
I have no idea what happened other than that after the udatres, 4
updated servers got hacked and rootkits were installed. Different
rootkits on each one with different consequences.
The thing I'd suspect first would be root password guessing - there
are a lot of scripted attempts happening on the internet now, and
that wouldn't be related to updates. Or perhaps some application
not part of the normal disto.
--
Mark Gumprecht
MSAD3
Unity, Maine 04988
gumprechtm at msad3.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20060907/dd14d084/attachment.htm>
More information about the K12OSN
mailing list