Security

Advent Systems adventsystems at verizon.net
Mon Jan 10 14:06:17 EST 2005


Cyber Source,
    I understood yours was an example.  I was questioning who "marc" 
was.  Because of what happened, I thought someone might have installed a 
hidden user account.  In win2k I could track this stuff down, in 
Linux I'm almost clueless.  Anyhow, Dave A. already answered the 
question, thanks.

Bob Randal

Cyber Source wrote:

> That's just a sample, that's why I said you could edit that or add a 
> new line like it with your email address, as in my example
>
> Advent Systems wrote:
>
>> Cyber Source,
>>    When I went to edit my /etc/aliases file as you suggested, under 
>> "# Person who should get roots mail" it has the name "marc".  Is that 
>> right?  Who is marc?
>>
>> Thanks,
>> Bob Randal
>>
>> Cyber Source wrote:
>>
>>> You're thinking that your system was hacked into or compromised 
>>> because your apt-get update got stuck on a source? If an apt-get 
>>> source is down for the moment, it will get stuck and hang trying to 
>>> resolve the host. You could edit your /etc/apt/sources.list and 
>>> comment out the offending source temporarily.
>>>  Brad gave some good advice. I'd like to add to it. I too was like 
>>> you, all familiar and comfortable in windows land and Linux was 
>>> totally foreign to me. I started with Linux in '99 and with the help 
>>> of this LUG and especially Bob Meyer, my Linux knowledge took off, 
>>> so now I can be really dangerous (to myself as well as others) ;). 
>>> Anyway I'm going to make some suggestions with assumptions for 
>>> simplicity's sake. Run all commands as root, without the quotes.
>>> 1. Set sendmail up on the box to run in levels 3, 4 and 5. 
>>> "/sbin/chkconfig --levels 345 sendmail on". This will start sendmail 
>>> in levels 3, 4 and 5.
>>> 2. In case it's not already running, "/sbin/service sendmail restart".
>>> 3. Edit the file /etc/aliases and uncomment the line under # Person 
>>> who should get root's mail. Or add the line under the one there like 
>>> this "root: adventsystems at verizon.net" . This will send all logs 
>>> that would normally be sent to root to your email address. Save the 
>>> file.
>>> 4. Run the command "newaliases" after editing the /etc/aliases file.
>>> 5. Run "/sbin/service sendmail restart"
>>>
>>> This should get you to at least start looking in your logs because 
>>> they will be emailed to you now. On RedHat/FC systems, it will send 
>>> logs showing ssh attempts and all sorts of stuff, I see them all the 
>>> time from script kiddies, etc. I then create a filter on my email 
>>> program (thunderbird) to have all emails sent from my servers to a 
>>> separate folder, say called "Server Stuff", so it doesn't get all 
>>> mixed in with my inbox stuff. Give that a shot and see how you like 
>>> it. I hope we have a meeting this month and if we do, maybe you 
>>> could bring in your box and we could do FC3 dump that we have tweaked.
>>> Advent Systems wrote:
>>>
>>>> Cyber Source & Dave Andruczyk,
>>>>    Just want you guys to know I'm not some asshole because all the 
>>>> help re: small network and I did not reply or thank you sooner BUT 
>>>> none of that matters now.  You see, on the 1st I believe my system 
>>>> was cracked, broken into, whatever you want to call it.  I'm not 
>>>> sure because in 15-18 years of using computers I haven't had as 
>>>> much as a virus (well, maybe 1-2).  All I know is the day before I 
>>>> was updating my system via apt-get and it kept getting "stuck" at 
>>>> some site in ca. called slug something.  I ......you know what, 
>>>> this is not the purpose of this email, if anyone wants all the 
>>>> particulars email me off the list.
>>>>    The Problem is this; 18 years of working on windows systems left 
>>>> me knowing how to harden them and my windows boxes were untouched.  
>>>> With Linux (I'm a newbie), a 10 yr. old boy could attack my Linux 
>>>> box and did.  I've gotten so sidetracked with just getting the 
>>>> system installed and usable I forget all about security.  I've been 
>>>> using SuSE and mandrake for a few years and I guess the combination 
>>>> of their pre-packaged click & go security, their manuals and Linux 
>>>> not being as popular, left me with a false sense of security.  
>>>> Since switching to FC2 I have NO idea.  I've purchased a number of 
>>>> highly regarded Linux/Unix books and they explain how to secure 
>>>> NASA :) but nothing on how to harden a simple laptop.  Is the Red 
>>>> Hat-9 users guide the same as FC2?  I can't find a straight answer.  
>>>> By default, I got services running and ports open all over the 
>>>> place.  I've been closing and shutting them down, and it screws 
>>>> everything up and I have to re-install (like 5-10 times).
>>>>    What are the BARE min. services and ports that need to be 
>>>> running and what do you FC2 guys do to keep the average jerk out of 
>>>> your systems (I know there's nothing that can be done against a 
>>>> smart, concentrated attack)
>>>>    As far as the small network goes I can't even think about taking 
>>>> my machine off the windows network until I learn and understand 
>>>> Linux security.
>>>>
>>>> Sorry this was so long but nothing like this ever happened to me 
>>>> before.
>>>> Thanks again,
>>>> Bob Randal
>>>>
>
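
An added example, not part of the original thread: the "hidden user account" question above is answered from /etc/passwd, while the "marc" line is only alias text in /etc/aliases. The file contents, the "toor" account, bob@example.net and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: account and alias checks on constructed sample files.
# Each function defaults to the live file when no path is given.

# Accounts other than root that carry UID 0 (passwd field 3).
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "${1:-/etc/passwd}"
}

# Accounts whose shell (field 7) allows an interactive login.
# An empty shell field counts, because login falls back to /bin/sh.
login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false|sync|shutdown|halt)$/ { print $1 }' \
        "${1:-/etc/passwd}"
}

# True if NAME has a passwd entry.
has_account() {
    grep -q "^$1:" "${2:-/etc/passwd}"
}

# Target of the active (uncommented) root alias; prints nothing if unset.
root_alias() {
    sed -n 's/^root:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "${1:-/etc/aliases}"
}

# Constructed sample data; "toor" is an unexpected second UID 0 account.
SAMPLE=$(mktemp -d)
trap 'rm -rf "$SAMPLE"' EXIT
cat > "$SAMPLE/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
bob:x:500:500:Bob:/home/bob:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$SAMPLE/aliases" <<'EOF'
# Person who should get root's mail
#root:          marc
root:           bob@example.net
EOF

echo "extra UID 0 accounts: $(uid0_accounts "$SAMPLE/passwd")"
echo "login-capable:        $(login_accounts "$SAMPLE/passwd" | tr '\n' ' ')"
echo "root mail goes to:    $(root_alias "$SAMPLE/aliases")"
has_account marc "$SAMPLE/passwd" || echo "marc: alias text only, no account"
```

Called without a path argument, each function reads the live /etc/passwd or /etc/aliases instead of the sample.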



