Re: Box Cracked ( Was: thank's )


 



Les Mikesell <lesmikesell@xxxxxxxxx> wrote:
bob.smith@xxxxxxxxxxx wrote:
>>
>> Something strange in those scripts? Something that led you to think
>> you've a rootkit installed?
>>
>>
> I do this to get to know the system, I have been cracked many times and
> quite honestly have enough of it. Either I get to know my system deep
> down, or I run the box online all days all nights without protection.

The software included in the distro is fairly secure if you keep it up to date with frequent 'yum update' runs. If you have been cracked 'many times' it is likely to be because you have weak passwords that someone is guessing through ssh, or you haven't kept the system up to date as new exploits are discovered and fixed, or you have added 3rd party or your own programs (like a lot of php web stuff...) that are insecure and haven't kept them up to date.

--
   Les Mikesell
    lesmikesell@xxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list




> The rootkit designs I saw were aimed at the kernel for some reason.
> Nowhere could I find mention of a Linux rootkit.
>
FWIW, I've been running rkhunter on Unix and Linux systems for several
years, on a regular basis.  I also occasionally run chkrootkit, but
I like rkhunter better.  It checks for more than 100 rootkits and
trojans <http://www.rootkit.nl/projects/rootkit_hunter.html>

And it checks md5 values for a number of files, in the easiest case
against the rpm db.  e.g. rkhunter -c --pkgmgr rpm

Regards,
Doug Wyatt
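
The file check mentioned in the message above compares installed files against the values recorded in the rpm database. As an added example (not part of the thread, and not rkhunter's own code), this sketch triages `rpm -Va` output by its digest flag; the `triage` function, its verdict names and the sample lines are constructed for illustration.

```python
import re

# Constructed sample of `rpm -Va` output; paths and flags are illustrative only.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.......T.    /usr/lib/python2.5/site.pyc
missing      /usr/share/doc/foo/README
.M.......    /var/log/httpd
S.5....T.    /bin/ps
..?......    /usr/sbin/suexec
"""

# Flags column (8 chars on older rpm, 9 on newer), optional file-type marker, path.
LINE = re.compile(
    r"^(?P<flags>missing|[A-Za-z0-9.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$"
)

def triage(rpm_verify_output):
    """Map each path to a verdict based on the digest flag (3rd column)."""
    verdicts = {}
    for line in rpm_verify_output.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # not a verify line (e.g. a warning printed by rpm itself)
        flags, attr, path = m.group("flags", "attr", "path")
        if flags == "missing":
            verdicts[path] = "missing"
        elif flags[2] == "?":
            verdicts[path] = "unverified"       # digest could not be read
        elif flags[2] == "5" and attr == "c":
            verdicts[path] = "config-edited"    # usually an admin change
        elif flags[2] == "5":
            verdicts[path] = "content-changed"  # packaged file differs from rpm db
        # mode/owner/mtime-only differences are left out of this triage
    return verdicts

if __name__ == "__main__":
    for path, verdict in sorted(triage(SAMPLE).items()):
        print(f"{verdict:16} {path}")
```

The `content-changed` entries are the ones to examine first. The rpm database lives on the same machine, so on a host that may already be compromised the comparison is only as trustworthy as that database.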




Hi, well, I found rkhunter, ran it, and it did output a few warnings. Now... I feel more comfortable knowing about rkhunter, which I did not know before this thread. A good thing would be to (for each distro) somehow document what is normal on a default installation (if such exists). For example, the numerous unix sockets that are in use on my box worried me a lot. Of course they, as someone mentioned, "don't leave the system", but that didn't occur to me.
Regarding the /tmp directory, there is an entry /tmp/keyring-something. Does anyone know what the term keyring means in the security context?

thank you for your advice and help


