David Oberbeck grabbed a keyboard and wrote:
>
> On Saturday 27 July 2002 14:18, David Guntner Wrote Thusly:
>>
>> Any other thoughts on the subject? Or is it just time to "push the
>> button, Max?" (Probably no one will get the joke, but I'm sure you
>> understand the meaning... :)
>
> Up Max, UUUUUUpppppp Max!
> - Professor Fate, The Great Race

LOL! I really didn't figure that anyone here would get that. :-)

> But seriously, do you have tripwire running on a fixed medium (e.g. the
> Tripwire database on a CD-ROM)? Do you have tripwire running at all?

No, I don't. Tell me about Tripwire. What is it, how does it work, where can I get it? Oh yea, and will it help keep me from having to wipe and reinstall again in the future? :-)

> Are other, "softer" systems (e.g. Windows running LookOut) connected
> to the suspect box with trusted access (this might be a way for someone
> to get in).

There's a Windows 98SE computer on the same network (I'm behind a DSL broadband router, and both machines are connected via a switch). However, I don't think there's any "trusted" access going on there. I don't even have Samba running on the Linux box, although I do have my C: and D: drive mounted (type smbfs on the mount command) on the Linux box so that I can copy files easily from the Windows box to the Linux box when I'm logged in to the Linux box. Other than that, no direct contact is made between them.

> Basically, the correct paranoid response is if you are not sure, wipe
> it.

Yea, that's what I was afraid of. I was just hoping that someone could give me another plausible reason why two entries would have been deleted from wtmp.

My other response (at least for the time being) has been to configure the DSL router to no longer forward incoming connections on ports 20-22 to the Linux box, to cut off access to services that let you log in. And I've moved the ssh port to another non-standard port (and configured the sshd config file to listen on that port, of course) so that I can still log in remotely if needed. I'll probably leave it like that after the dust has settled from this as well....

> While this level of paranoia is not for everybody, it works for me.

Unfortunately, I'm paranoid enough about this kind of thing to realize that it's needed. I just hate the time it takes to do it.... :-/

> Good luck with this.
>
> HTH,
> DGO

Thanks. And do fill me in on Tripwire; you've got me curious.

--Dave