On Thu, 15 Dec 2005, kevin bailey wrote:
> Alvin Oga wrote:
> >
> > On Thu, 15 Dec 2005, kevin bailey wrote:
> >
> >> was recently rootkitted on a debian machine because i'd left an obscure
> >> service running.
> >
> > if you know how they got in .. i assume you have since fixed it
>
> my guess it was the miniserv.pl run by webmin - it had a security problem
> which does not seem to have been addressed by debian.

webmin thingie's can be good or bad .. :-)

> another possibility was zope - it had had some of its files altered.

one can alter any files once they got in ..

> definitely - the first machine was a try out machine - and i'd installed
> loads of stuff on it.

i consider all my machines to be "first machines to test" and all important
data saved on other test machines

> now i have two machines - one ready to take over from the first - with far
> fewer services running.

combining with your other post, be careful when and why your "backup"
machine will take over for the first machine ...

- if they hacked your first machine, they will also be trying to hack
  the 2nd (backup) machine too
- if both machines are identical in hw and apps that's installed,
  then the 2nd box will also be rm -rf'd
- if someone takes down my machines.. i want it to stay down, and play
  possum .. till somebody knowledgeable takes a look at it and can explain
  why it went down and how and why
- if it is critical that machines have to stay up, one should have the
  budget ( time, $$$ and resources ) for "high availability" and not just
  hot-swap 2 machines for failover
- load balancing is better, since you know all machines are up and working
  ... and in sync ( data-wise ) with each other
- even if its 3x 586 ( something cheaper and fast enough ) is still better
  than 1 superfast/expensive P4 box if you always want to be online ...
- i'd definitely use different hw and different patch levels of distro
  and apps ... so that the machines will not fall for the same cracker's tricks

> > http://www.debian.org/doc/manuals/securing-debian-howto/
> >
>
> will read in detail!

and if you have more things to add to the list ... i'm sure they'd be
looking for comments ( good or bad )

> a second machine is set up ready to take over.

see comments above

> would like to do this - but i also need to be able to access the server from
> my laptop which connects over 3G - i.e. different IP address every time.

the ip# that you will be at will be a limited choice ... not the "whole
world" .. just allow that smaller world ( ip# range of the other isp )
rather than the whole big "everybody and anybody"

> now been made aware of this i'll not be using internet cafes again!!!! :-)

one usually worries after the fact :-) and it is always a convenience vs
security ...

> i tend to use gpw or pwgen to create all passwords - so they shouldn't be
> too bad.

in which case, as you stated elsewhere, postits should be fine, since all
employees and people in/near the pc should be trustable

> but running the password checkers has to be done as you say.

doesn't hurt when time is available .. always double check things when possible

> i'm a programmer by training but finding that clients need reliable managed
> servers. so i'm trying to do two jobs at the same time - set up and manage
> servers - and write code to pay the bills!

that probably applies to everybody :-)

> debian has really helped so far - my original server ran for 4 years before
> it was hacked - and that was with me installing loads of stuff and not
> really doing much RE security.

that's a damn good track history for 4yrs..

> hopefully i can be more proactive now and keep on top of the security issues
> better!!!

tough job to do.. ez to say .. :-0

have fun
alvin

-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe".
Trouble? Contact [EMAIL PROTECTED]
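One way to act on the "allow the ISP's range rather than the whole world" advice in the thread, as an added example that is not from the list or either poster: a small Python script that flags successful sshd logins whose source address falls outside an assumed ISP address pool (10.20.0.0/16 stands in for the 3G provider's range, 203.0.113.9 for an internet cafe, and the auth.log lines are constructed) and builds the matching tcp_wrappers hosts.allow line, assuming sshd is built with libwrap.

```python
import ipaddress
import re

# Constructed sample sshd log lines (not taken from the thread).
SAMPLE_AUTH_LOG = """\
Dec 15 09:12:44 srv1 sshd[2211]: Accepted publickey for kevin from 10.20.33.7 port 51022 ssh2
Dec 15 09:40:02 srv1 sshd[2290]: Failed password for root from 203.0.113.9 port 4410 ssh2
Dec 15 10:05:19 srv1 sshd[2344]: Accepted password for kevin from 203.0.113.9 port 4412 ssh2
Dec 15 11:31:55 srv1 sshd[2510]: Accepted publickey for kevin from 10.20.91.200 port 50211 ssh2
"""

# Assumed address pool of the laptop's 3G ISP: the "smaller world" to allow.
ALLOWED_RANGES = [ipaddress.ip_network("10.20.0.0/16")]

# Matches the "Accepted <method> for <user> from <ip> port <n>" line sshd logs
# on a successful login; failed attempts deliberately do not match.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def accepted_logins(log_text):
    """Yield (user, method, ip_address) for every successful sshd login."""
    for line in log_text.splitlines():
        m = LOGIN_RE.search(line)
        if m:
            yield m["user"], m["method"], ipaddress.ip_address(m["ip"])


def logins_outside_ranges(log_text, allowed=ALLOWED_RANGES):
    """Return successful logins whose source is not inside any allowed range."""
    return [
        (user, method, str(ip))
        for user, method, ip in accepted_logins(log_text)
        if not any(ip in net for net in allowed)
    ]


def hosts_allow_rule(allowed=ALLOWED_RANGES, daemon="sshd"):
    """Build a /etc/hosts.allow line in the net/mask form hosts_access(5) accepts."""
    nets = ", ".join(f"{net.network_address}/{net.netmask}" for net in allowed)
    return f"{daemon}: {nets}"


if __name__ == "__main__":
    for user, method, ip in logins_outside_ranges(SAMPLE_AUTH_LOG):
        print(f"accepted {method} login for {user} from {ip}: outside allowed ranges")
    print("suggested hosts.allow line:", hosts_allow_rule())
```

Pair the hosts.allow line with an `sshd: ALL` entry in /etc/hosts.deny so that everything not in the listed ranges is refused.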