Security

[Cyber Source]

that is a screen saver you took a picture of.

Advent Systems wrote:

> Cyber Source,
>    Thank you so much. I'll get on this as soon as I answer the rest of 
> the mail here.  Regarding the apt-get updates, I do know what you mean 
> and it wasn't that.  It got stuck "normally" as it sometimes does when 
> a server is very busy and I just retried it when it was done.  It did 
> it 2 more times and then the screen flashed bright yellow and in huge 
> letters (approx.35pt) a message was typed across the screen that said 
> "all work and no play makes jack a dull boy" I walked over to the box 
> and moved the mouse and the screen "flashed again and, well, I cant 
> explain what it did but I snapped a picture of it.  When I download 
> the images from the camera I'll post it for everyone.
> I would love to come to come and meet everyone and bring my machine, 
> Thanks.
>
> Bob Randal
>
> Cyber Source wrote:
>
>> Your thinking that your system was hacked into or compromised because 
>> your apt-get update got stuck on a source? If an apt-get source is 
>> down for the moment, it will get stuck and hang trying to resolve the 
>> host. You could edit your /etc/apt/sources.list and comment out the 
>> offending source temporarily.
>>  Brad gave some good advise. I'd like to add to it. I too was like 
>> you, all familiar and comfortable in windows land and Linux was 
>> totally foreign to me. I started with Linux in '99 and with the help 
>> of this LUG and especially Bob Meyer, my Linux knowledge took off, so 
>> now I can be really dangerous (to myself as well as others) ;). 
>> Anyway I'm going to make some suggestions with assumptions for 
>> simplicity sake. Run all commands as root, without the quotes.
>> 1. Set sendmail up on the box to run in levels 3, 4 and 5. 
>> "/sbin/chkconfig --levels 345 sendmail on". This will start sendmail 
>> in levels 3, 4 and 5.
>> 2. In case it's not already running, "/sbin/service sendmail restart".
>> 3. Edit the file /etc/aliases and uncomment the line under # Person 
>> who should get root's mail. Or add the line under the one there like 
>> this "root: adventsystems at verizon.net" . This will send all logs that 
>> would normally be sent to root to your email address. Save the file.
>> 4. Run the command "newaliases" after editing the /etc/aliases file.
>> 5. Run "/sbin/service sendmail restart"
>>
>> This should get you to at least start looking in your logs because 
>> they will be emailed to you now. On RedHat/FC systems, it will send 
>> logs showing ssh attempts and all sorts of stuff, I see them all the 
>> time from script kiddies, etc. I then create a filter on my email 
>> program (thunderbird) to have all emails sent from my servers to a 
>> seperate folder, say called "Server Stuff", so it doesnt get all 
>> mixed in with my inbox stuff. Give that a shot and see how you like 
>> it. I hope we have a meeting this month and if we do, maybe you could 
>> bring in your box and we could do FC3 dump that we have tweaked.
>> Advent Systems wrote:
>>
>>> Cyber Source & Dave Andruczyk,
>>>    Just want you guys to know I'm not some asshole because all the 
>>> help re: small network and I did not reply or thank you sooner BUT 
>>> none of that matters now.  You see  on the 1st I believe my system 
>>> was cracked, broken into, whatever you want to call it.  I'm not 
>>> sure because in 15-18 years of using computers I haven't had as much 
>>> as a virus (well,maybe 1-2).  All I know is the day before I was 
>>> updating my system via apt-get and It kept getting "stuck" at some 
>>> site in ca. called slug something.  I ......you know what, this is 
>>> not the purpose of this email, If anyone wants all the particulars 
>>> email me off the list.
>>>    The Problem is this; 18 years of working on windows systems left 
>>> me knowing how to harden them and my windows boxes were untouched.  
>>> With Linux (I'm a newbie), a 10 yr. old boy could attack my Linux 
>>> box and did.  I've gotten so side tracked with just getting the 
>>> system installed and usable I forget all about security.  I've been 
>>> using SuSE and mandrake for a few years and I guess the combination 
>>> of there pre-packaged click & go security, there manuals and Linux 
>>> not being as popular, left me with a false sense of security.  Since 
>>> switching to FC2 I have NO idea.  Ive purchases a number of highly 
>>> regarded Linux/Unix books and they explain how to secure NASA :) but 
>>> nothing on how to harden a simple laptop.  Is the Red Hat-9 users 
>>> guide the same as FC2?  I cant find a straight answer.  By default, 
>>> I got services running and ports open all over the place.  I've been 
>>> closing and shutting them down, and it screws everything up and I 
>>> have to re-install (like 5-10 times).
>>>    What are the BARE min. services and ports that need to be running 
>>> and what do you FC2 guys do to keep the average jerk out of your 
>>> systems (I know there nothing that can be done against a smart, 
>>> concentrated attack)
>>>    As far as the small network goes I cant even think about taking 
>>> my machine off the windows network until I learn and understand 
>>> Linux security.
>>>
>>> Sorry this was so long but nothing like this ever happened to me 
>>> before.
>>> Thanks again,
>>> Bob Randal
>>>
>>>  
>>
>>
>>
>>