David Oberbeck grabbed a keyboard and wrote:
>
> On Saturday 27 July 2002 14:18, David Guntner Wrote Thusly:
>>
>> Any other thoughts on the subject?  Or is it just time to "push the
>> button, Max?"  (Probably no one will get the joke, but I'm sure you
>> understand the meaning... :)
>
>   Up Max, UUUUUUpppppp Max!
>       - Professor Fate, The Great Race

LOL!  I really didn't figure that anyone here would get that. :-)

>   But seriously, do you have tripwire running on a fixed medium (e.g. the
> Tripwire database on a CD-ROM)? Do you have tripwire running at all?

No, I don't.  Tell me about Tripwire.  What is it, how does it work, where
can I get it?  Oh yea, and will it help keep me from having to wipe and
reinstall again in the future? :-)

>   Are other, "softer" systems (e.g. Windows running LookOut) connected
> to the suspect box with trusted access (this might be a way for someone
> to get in).

There's a Windows 98SE computer on the same network (I'm behind a DSL
broadband router, and both machines are connected via a switch).  However,
I don't think there's any "trusted" access going on there.  I don't even
have Samba running on the Linux box, although I do have my C: and D: drive
mounted (type smbfs on the mount command) on the Linux box so that I can
copy files easily from the Windows box to the Linux box when I'm logged in
to the Linux box.  Other than that, no direct contact is made between
them.

>   Basically, the correct paranoid response is if you are not sure, wipe
>   it.

Yea, that's what I was afraid of.  I was just hoping that someone could
give me another plausible reason why two entries would have been deleted
from wtmp.

My other response (at least for the time being) has been to configure the
DSL router to no longer forward incoming connections on ports 20-22 to the
Linux box, to cut off access to services that let you log in.  And I've
moved the ssh port to another non-standard port (and configured the sshd
config file to listen on that port, of course) so that I can still log in
remotely if needed.  I'll probably leave it like that after the dust has
settled from this as well....

> While this level of paranoia is not for everybody, it works for me.

Unfortunately, I'm paranoid enough about this kind of thing to realize
that it's needed.  I just hate the time it takes to do it.... :-/

>   Good luck with this.
>
> HTH,
>       DGO

Thanks.  And do fill me in on Tripwire; you've got me curious.

               --Dave
