TCLUG Archive

Re: [TCLUG:16949] Sendmail/Linux Help



Eric F Crist wrote:
> 
> Hey,
> 
> My web server got hacked on Thursday.  I had to do a complete reinstall due to
> the fact that shadow/password and init files were deleted.

Yeah, that's a good reason..

[snip sendmail stuff - I don't know much about that]

> The other problem:
> 
> Ever since I installed Linux, new users show up unexpectedly.  For example,
> it's like someone is going into my server and creating accounts with names like
> reboot, system (UID 0, GRP 0), and other accounts that look legit, but I know
> they're not (Caldera, by default, enters Caldera OpenLinux User in the Name
> field, unless you change it manually).

Yeah, sounds like something strange may be going on.  Those accounts
should not have passwords, and (on RedHat 6.1 at least) they should not
have UID 0 (although they are GID 0 on my system).

> Can someone please help me?

That's what we're all here for ;-)

> I don't understand ipchains, and I need help setting up as a gateway.

This is usually a matter of a few simple commands:

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

plus some `insmod' lines for various services (although I understand
that some of these have recently been found to be somewhat vulnerable to
attack..)

/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_irc
(etc.)


I would highly recommend going out and getting a decent system
administration book.  The Linux Administrator's Security Guide
[http://www.securityportal.com/lasg/] is a good online resource. 
Unfortunately, most Linux distributors have not yet listened to the call
that many users have been making for the past few years -- keep all
(unnecessary) services turned off by default, and leave it to the user
to enable them..

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   #define EFLAT
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__   /* System needs tuning */ 
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
 [ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088@umn.edu ]
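
Added example, not part of the original message: a shell/awk audit for the two symptoms the reply describes, accounts other than root with UID 0 and system accounts that have a usable password. The function names, the SYS_UID_MAX cutoff of 499 and the sample passwd/shadow contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Flags the two symptoms the
# reply names: extra UID 0 accounts and system accounts with a password.
SYS_UID_MAX=${SYS_UID_MAX:-499}   # assumption: UIDs 1..499 are system accounts

# audit_accounts PASSWD_FILE SHADOW_FILE -> one finding per line
audit_accounts() {
    awk -F: -v max="$SYS_UID_MAX" '
        # empty = no password needed; leading "*" or "!" = login disabled
        function state(h) {
            if (h == "") return "empty"
            return (h ~ /^[*!]/) ? "locked" : "set"
        }
        src == "shadow" { pw[$1] = state($2); next }
        {
            # Hash lives in shadow when the passwd field is "x"
            st = ($2 == "x") ? (($1 in pw) ? pw[$1] : "locked") : state($2)
            if ($3 == 0 && $1 != "root")
                print "UID0 " $1 " password=" st
            else if ($3 > 0 && $3 <= max && st != "locked")
                print "SYSPW " $1 " uid=" $3 " password=" st
        }
    ' src=shadow "$2" src=passwd "$1"
}

# Constructed sample files modelled on the accounts described in the thread
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:
reboot:x:0:0:Caldera OpenLinux User:/:/bin/bash
system:x:0:0:Caldera OpenLinux User:/:/bin/bash
operator:x:11:0:operator:/root:/bin/bash
eric:x:500:500:Eric:/home/eric:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$CONSTRUCTED$hash:11000:0:99999:7:::
bin:*:11000:0:99999:7:::
reboot:$1$CONSTRUCTED$hash:11000:0:99999:7:::
system::11000:0:99999:7:::
operator:$1$CONSTRUCTED$hash:11000:0:99999:7:::
eric:$1$CONSTRUCTED$hash:11000:0:99999:7:::
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

On a live system the same function can be pointed at /etc/passwd and /etc/shadow as root; any UID0 line other than an account you created deliberately is worth investigating before the box goes back on the network.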