<quote who="cromworshipper-fedorastuff@xxxxxxxxx">

> --- AragonX <aragonx@xxxxxxxxxx> wrote:
> [...]
>> I've gotten some very good information off of the security lists though.
>> Perhaps I should copy it here so that others could benefit?
>
> Yes, please.
>
> What was the weak point that allowed an intrusion on your machine? I'd like
> to know what I should watch out for...

<another copy from focuslinux>

I would recommend also securing /tmp (and /var/tmp). Mounting it noexec and nosuid is a good step to take.

As well, I modified my local wget and curl programs to *not* download to /tmp or /var/tmp, as no legitimate use for the program (on my servers) will be downloading files to these locations. As well, these two programs are commonly used in web script attacks to retrieve a remote file and execute it.

As well, install and run regularly (via cron) chkrootkit and rootkit hunter. You should not rely solely on these programs, but they provide a nice check that can assist you in finding some of the more common and known intrusions/rootkits.

-Sean Finkel
Owner
Protollix, LLC
http://www.protollix.com
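
A check for the /tmp and /var/tmp advice above, as an added example that is not part of the original post: it reads a mount table in /proc/mounts format and reports whether each directory is its own mount carrying noexec and nosuid. The function name check_tmp_mounts and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit /tmp and /var/tmp for the noexec and nosuid mount options.
# check_tmp_mounts is a hypothetical helper name, not from the original post.

# Reads a mount table in /proc/mounts format on stdin:
#   device mountpoint fstype options dump pass
# Prints one line per directory: "<dir> ok", "<dir> missing:<opts>", or
# "<dir> not-a-mount" (no separate mount, so it inherits its parent's options).
check_tmp_mounts() {
    awk '
        # A later entry for the same mount point overrides an earlier one.
        $2 == "/tmp" || $2 == "/var/tmp" { opts[$2] = $4 }
        END {
            n = split("/tmp /var/tmp", dirs, " ")
            for (i = 1; i <= n; i++) {
                d = dirs[i]
                if (!(d in opts)) { print d, "not-a-mount"; continue }
                # Wrap in commas so "exec" cannot match inside "noexec".
                o = "," opts[d] ","
                missing = ""
                if (index(o, ",noexec,") == 0) missing = missing ",noexec"
                if (index(o, ",nosuid,") == 0) missing = missing ",nosuid"
                if (missing == "") print d, "ok"
                else print d, "missing:" substr(missing, 2)
            }
        }
    '
}

# Constructed sample mount table (not taken from any real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/sda3 /var/tmp ext4 rw,nosuid,relatime 0 0'

# Audit the sample; on a live system use: check_tmp_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | check_tmp_mounts
```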