Re: Found, a new rootkit

On Friday 31 March 2006 19:29, John Summerfield wrote:
>Gene Heskett wrote:
>> We've cut our bandwidth use in half by getting rid of that.  We also
>> checked the logs and added several dozen more addresses
>> to /etc/hosts.deny,
>
>That is fairly useless. IP addresses of attackers change as quickly as
>IP addresses of spammers, and they have so many it's like trying to
>fence off the porn sites of the world.
>
>More important is to discover how the rogue gained entry and to close
>that loophole. How did the shell script get there? Whose account was
>used? Does .bash_history include useful clues about what was done? Did
>the attacker send email after gaining entry? If so, the recipient
> domain (eg Yahoo) may be interested.
>
>Root's account, eh? Disallow password-based authentication for root.
>Ensure that only those who need it have shell accounts, and that those
>have good passwords. _I_ have incoming ssh land on my personal
> desktop, where there is only my password to worry about.

root ssh is denied. To do normal maintenance we log in as ourselves & 
su -.

-- 
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.

