Les Mikesell wrote:
bob.smith@xxxxxxxxxxx wrote:
Something strange in those scripts? Something that led you to think
you've a rootkit installed?
I do this to get to know the system, I have been cracked many times
and quite honestly have enough of it. Either I get to know my system
deep down, or I run the box online all day and all night without
protection.
The software included in the distro is fairly secure if you keep it up
to date with frequent 'yum update' runs. If you have been cracked 'many
times' it is likely to be because you have weak passwords that someone
is guessing through ssh, or you haven't kept the system up to date as
new exploits are discovered and fixed, or you have added 3rd party or
your own programs (like a lot of php web stuff...) that are insecure and
haven't kept them up to date.
I use ssh keys and/or vpn for remote logins. They authenticate the box,
not the user, but that's enough for me.
fwiw I recently enabled smtp authentication for mail relaying. I see
people using that to enumerate account/password combinations.
I've previously seen ssh and ftp used for that purpose.
--
Cheers
John
Please do not reply off-list