Re: Secure Log

Thu, 30 Sep 1999 07:32:21 -0700 

On Thu, Sep 30, 1999 at 04:15:49PM +0100, Tony Turner wrote:
> Panic Attack

Let me say in large friendly letters... DON'T PANIC. ;)

> I have just looked in the file "Securetty" and its empty....that's not
> right is it?

No, but it's bad in a more secure direction, not less secure. Basically
this file lists all the terminals from which root is allowed to login to.
It would be bad if entries were added so that anyone could telnet into
the box and login as root that way.

> This Linux box runs DNS Bind and I call 1 CGI whois script from a Web
> site on my NT box. So are the messages below harmless? 

Do you have the latest version of bind? 

> Also been getting in the "secure" log file
> 
[snip]
> 
> (loads of other connections from the same above network address)

Someone is scanning your site. They are opening a connection and then
closing it without actually doing anything. This tells folks what kind of
services you're running. 

The imapd message about a file not being found means that your inetd.conf
file lists imapd as a service you are offering, but the actual binary to
handle the service does not exist. 

You should be okay. But that doesn't mean you shouldn't stay on the 
look out for odd things happening. Just be careful about getting
hypersensitive. 

Some general tips:

Run ps -auxw on your system from time to time and see what's running. 

Run netstat -anp and see what services you're offering. Make sure you aren't
listening to any ports you don't know about. 

Edit your inetd.conf file down so that you are only offering those services
which you need to offer. For example, if you don't need to ftp into the 
machine, turn ftp off. If you can run ssh on the box instead of telnet,
do so and turn telnet off. If you don't need imapd, turn it off. etc...

It looks like you're already monitoring your logs which is good. 

-Steve
 Who speaks for himself, not his employer.


-- 
______________________________________________________________________________
Steve Shah ([EMAIL PROTECTED]) | Alteon Web Systems Inc. (Developer/Sysadmin)
    http://www.alteon.com     |   Voice: 408.360.5653  Fax: 408.360.5500
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Life is best measured in beats per minute. How alive are you? -SjS
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]

Reply via email to