Security

Advent Systems adventsystems at verizon.net
Sun Jan 9 23:02:57 EST 2005


Cyber Source,
    Thank you so much. I'll get on this as soon as I answer the rest of 
the mail here.  Regarding the apt-get updates, I do know what you mean 
and it wasn't that.  It got stuck "normally" as it sometimes does when a 
server is very busy and I just retried it when it was done.  It did it 2 
more times and then the screen flashed bright yellow and in huge letters 
(approx. 35pt) a message was typed across the screen that said "all work 
and no play makes jack a dull boy". I walked over to the box and moved 
the mouse and the screen flashed again and, well, I can't explain what 
it did but I snapped a picture of it.  When I download the images from 
the camera I'll post it for everyone.
I would love to come and meet everyone and bring my machine, Thanks.

Bob Randal

Cyber Source wrote:

> You're thinking that your system was hacked into or compromised because 
> your apt-get update got stuck on a source? If an apt-get source is 
> down for the moment, it will get stuck and hang trying to resolve the 
> host. You could edit your /etc/apt/sources.list and comment out the 
> offending source temporarily.
>  Brad gave some good advice. I'd like to add to it. I too was like 
> you, all familiar and comfortable in windows land and Linux was 
> totally foreign to me. I started with Linux in '99 and with the help 
> of this LUG and especially Bob Meyer, my Linux knowledge took off, so 
> now I can be really dangerous (to myself as well as others) ;). Anyway 
> I'm going to make some suggestions with assumptions for simplicity's 
> sake. Run all commands as root, without the quotes.
> 1. Set sendmail up on the box to run in levels 3, 4 and 5. 
> "/sbin/chkconfig --levels 345 sendmail on". This will start sendmail 
> in levels 3, 4 and 5.
> 2. In case it's not already running, "/sbin/service sendmail restart".
> 3. Edit the file /etc/aliases and uncomment the line under # Person 
> who should get root's mail. Or add the line under the one there like 
> this "root: adventsystems at verizon.net" . This will send all logs that 
> would normally be sent to root to your email address. Save the file.
> 4. Run the command "newaliases" after editing the /etc/aliases file.
> 5. Run "/sbin/service sendmail restart"
>
> This should get you to at least start looking in your logs because 
> they will be emailed to you now. On RedHat/FC systems, it will send 
> logs showing ssh attempts and all sorts of stuff, I see them all the 
> time from script kiddies, etc. I then create a filter on my email 
> program (thunderbird) to have all emails sent from my servers to a 
> separate folder, say called "Server Stuff", so it doesn't get all mixed 
> in with my inbox stuff. Give that a shot and see how you like it. I 
> hope we have a meeting this month and if we do, maybe you could bring 
> in your box and we could do FC3 dump that we have tweaked.
>
> Advent Systems wrote:
>
>> Cyber Source & Dave Andruczyk,
>>    Just want you guys to know I'm not some asshole because all the 
>> help re: small network and I did not reply or thank you sooner BUT 
>> none of that matters now.  You see, on the 1st I believe my system 
>> was cracked, broken into, whatever you want to call it.  I'm not sure 
>> because in 15-18 years of using computers I haven't had as much as a 
>> virus (well, maybe 1-2).  All I know is the day before I was updating 
>> my system via apt-get and it kept getting "stuck" at some site in ca. 
>> called slug something.  I... you know what, this is not the 
>> purpose of this email. If anyone wants all the particulars email me 
>> off the list.
>>    The Problem is this; 18 years of working on windows systems left 
>> me knowing how to harden them and my windows boxes were untouched.  
>> With Linux (I'm a newbie), a 10 yr. old boy could attack my Linux box 
>> and did.  I've gotten so sidetracked with just getting the system 
>> installed and usable I forget all about security.  I've been using 
>> SuSE and mandrake for a few years and I guess the combination of 
>> their pre-packaged click & go security, their manuals and Linux not 
>> being as popular, left me with a false sense of security.  Since 
>> switching to FC2 I have NO idea.  I've purchased a number of highly 
>> regarded Linux/Unix books and they explain how to secure NASA :) but 
>> nothing on how to harden a simple laptop.  Is the Red Hat-9 users 
>> guide the same as FC2?  I can't find a straight answer.  By default, I 
>> got services running and ports open all over the place.  I've been 
>> closing and shutting them down, and it screws everything up and I 
>> have to re-install (like 5-10 times).
>>    What are the BARE min. services and ports that need to be running 
>> and what do you FC2 guys do to keep the average jerk out of your 
>> systems (I know there's nothing that can be done against a smart, 
>> concentrated attack).
>>    As far as the small network goes I can't even think about taking my 
>> machine off the windows network until I learn and understand Linux 
>> security.
>>
>> Sorry this was so long but nothing like this ever happened to me before.
>> Thanks again,
>> Bob Randal
>>
>>  
>
>
>
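
Steps 3 and 4 of the quoted procedure (the `root:` line in /etc/aliases, then `newaliases`) as a repeatable script. This is an added example, not part of the original thread; the function names and the example.org address are assumptions, and the sample file in the demo is constructed.

```shell
#!/bin/sh
# Added example: point root's mail alias at an admin mailbox, idempotently.
# Function names and addresses are illustrative assumptions.

# set_root_alias FILE ADDRESS
#   Replaces an active "root:" line, or appends one if none exists.
#   A commented-out default ("#root: ...") is left untouched.
set_root_alias() {
    file=$1 addr=$2
    # Alias targets may also be "|command" or "/path/to/file"; accept only
    # a plain mailbox so nothing but a mail address is ever written.
    case $addr in
        *[!A-Za-z0-9@._+-]*|""|*@*@*)
            echo "refusing alias target: $addr" >&2; return 1 ;;
        *@*) ;;
        *)  echo "not a mailbox: $addr" >&2; return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    if grep -Eq '^root[[:space:]]*:' "$file"; then
        sed -E "s|^root[[:space:]]*:.*|root: $addr|" "$file" > "$tmp"
    else
        { cat "$file"; printf 'root: %s\n' "$addr"; } > "$tmp"
    fi
    # Write back through the original inode so owner and mode are kept.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# root_alias_target FILE: print where root's mail currently goes.
root_alias_target() {
    sed -nE 's/^root[[:space:]]*:[[:space:]]*//p' "$1" | tail -n 1
}

# Demo on a constructed sample file: sh thisfile demo
if [ "${1:-}" = demo ]; then
    sample=$(mktemp)
    printf '%s\n' 'postmaster: root' \
        "# Person who should get root's mail" '#root: marc' > "$sample"
    set_root_alias "$sample" admin@example.org
    echo "root mail now goes to: $(root_alias_target "$sample")"
    rm -f "$sample"
fi

# On the real system, as root (step 4 rebuilds the alias database):
#   set_root_alias /etc/aliases admin@example.org && newaliases
```

Running it a second time with a different address rewrites the existing `root:` line instead of adding a duplicate.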




More information about the nflug mailing list