Security

Cyber Source peter at thecybersource.com
Sun Jan 9 10:47:42 EST 2005


You're thinking that your system was hacked into or compromised because 
your apt-get update got stuck on a source? If an apt-get source is down 
for the moment, it will get stuck and hang trying to resolve the host. 
You could edit your /etc/apt/sources.list and comment out the offending 
source temporarily.
  Brad gave some good advice. I'd like to add to it. I too was like you, 
all familiar and comfortable in windows land and Linux was totally 
foreign to me. I started with Linux in '99 and with the help of this LUG 
and especially Bob Meyer, my Linux knowledge took off, so now I can be 
really dangerous (to myself as well as others) ;). Anyway I'm going to 
make some suggestions with assumptions for simplicity's sake. Run all 
commands as root, without the quotes.
1. Set sendmail up on the box to run in levels 3, 4 and 5. 
"/sbin/chkconfig --levels 345 sendmail on". This will start sendmail in 
levels 3, 4 and 5.
2. In case it's not already running, "/sbin/service sendmail restart".
3. Edit the file /etc/aliases and uncomment the line under # Person who 
should get root's mail. Or add the line under the one there like this 
"root: adventsystems at verizon.net" . This will send all logs that would 
normally be sent to root to your email address. Save the file.
4. Run the command "newaliases" after editing the /etc/aliases file.
5. Run "/sbin/service sendmail restart"

This should get you to at least start looking in your logs because they 
will be emailed to you now. On RedHat/FC systems, it will send logs 
showing ssh attempts and all sorts of stuff, I see them all the time 
from script kiddies, etc. I then create a filter on my email program 
(thunderbird) to have all emails sent from my servers to a separate 
folder, say called "Server Stuff", so it doesn't get all mixed in with my 
inbox stuff. Give that a shot and see how you like it. I hope we have a 
meeting this month and if we do, maybe you could bring in your box and 
we could do FC3 dump that we have tweaked.

Advent Systems wrote:

> Cyber Source & Dave Andruczyk,
>    Just want you guys to know I'm not some asshole because all the 
> help re: small network and I did not reply or thank you sooner BUT 
> none of that matters now.  You see  on the 1st I believe my system was 
> cracked, broken into, whatever you want to call it.  I'm not sure 
> because in 15-18 years of using computers I haven't had as much as a 
> virus (well, maybe 1-2).  All I know is the day before I was updating 
> my system via apt-get and it kept getting "stuck" at some site in ca. 
> called slug something.  I ......you know what, this is not the purpose 
> of this email, if anyone wants all the particulars email me off the list.
>    The Problem is this; 18 years of working on windows systems left me 
> knowing how to harden them and my windows boxes were untouched.  With 
> Linux (I'm a newbie), a 10 yr. old boy could attack my Linux box and 
> did.  I've gotten so side tracked with just getting the system 
> installed and usable I forget all about security.  I've been using 
> SuSE and Mandrake for a few years and I guess the combination of their 
> pre-packaged click & go security, their manuals and Linux not being as 
> popular, left me with a false sense of security.  Since switching to 
> FC2 I have NO idea.  I've purchased a number of highly regarded 
> Linux/Unix books and they explain how to secure NASA :) but nothing on 
> how to harden a simple laptop.  Is the Red Hat-9 users guide the same 
> as FC2?  I can't find a straight answer.  By default, I got services 
> running and ports open all over the place.  I've been closing and 
> shutting them down, and it screws everything up and I have to 
> re-install (like 5-10 times).
>    What are the BARE min. services and ports that need to be running 
> and what do you FC2 guys do to keep the average jerk out of your 
> systems (I know there's nothing that can be done against a smart, 
> concentrated attack)
>    As far as the small network goes I can't even think about taking my 
> machine off the windows network until I learn and understand Linux 
> security.
>
> Sorry this was so long but nothing like this ever happened to me before.
> Thanks again,
> Bob Randal
>
>  
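
A check for steps 3 and 4 of the reply above, as an added example that is not part of the original message: it confirms that /etc/aliases has an active (uncommented) root entry and that newaliases has been run since the last edit. The function names are hypothetical, the sample address is a placeholder, and it assumes newaliases writes the compiled database next to the source file as `<file>.db`, as sendmail does on Red Hat/Fedora.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes newaliases writes the
# compiled database next to the source as <file>.db (Red Hat/Fedora sendmail).

# Print the destination(s) of every active "root:" entry in an aliases file.
# Skips comments, matches the alias name case-insensitively and joins
# continuation lines (lines that begin with whitespace).
root_alias_target() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^#/ || /^[ \t]*$/ { cur = 0; next }
        /^[ \t]/ { if (cur) out = out " " trim($0); next }
        {
            cur = 0
            i = index($0, ":")
            if (i == 0) next
            name = tolower(trim(substr($0, 1, i - 1)))
            if (name == "root") {
                cur = 1
                out = out (out == "" ? "" : " ") trim(substr($0, i + 1))
            }
        }
        END { if (out != "") print out }
    ' "$1"
}

# Returns 0 if root mail is forwarded and the database is current, 1 if no
# root alias is active (step 3), 2 if the file is unreadable, 3 if
# newaliases still needs to be run (step 4).
check_root_alias() {
    file=${1:-/etc/aliases}
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    target=$(root_alias_target "$file")
    if [ -z "$target" ]; then
        echo "FAIL: no active root alias in $file"; return 1
    fi
    echo "root mail goes to: $target"
    if [ ! -e "$file.db" ] || [ -n "$(find "$file" -newer "$file.db")" ]; then
        echo "WARN: $file.db missing or older than $file; run newaliases"; return 3
    fi
    echo "OK: alias database is up to date"
}

# Demo on a constructed aliases file (the address is a placeholder).
demo_dir=$(mktemp -d)
printf '#root:\t\tmarc\nroot:\tadmin@example.org\n' > "$demo_dir/aliases"
check_root_alias "$demo_dir/aliases" || true   # warns: no aliases.db yet
rm -rf "$demo_dir"
```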




More information about the nflug mailing list