TCLUG Archive

Re: [TCLUG:12807] bad day (more details)



On Mon, 24 Jan 2000, Timothy Wilson wrote:

> Crap. The machine was running DNS, DHCP, NFS, Sendmail, Apache, Zope, FTP.
> All the inetd stuff was shut off except for SSH and FTP. Man, now I'm
> angry. I guess I'm going to have to shift into paranoid mode (plus, it's
> kind of embarrassing). I realize that I *should* be running SATAN,
> Tripwire, chroot everything, etc., but it's practically a full-time job to
> keep up. <lightbulb> Hey, maybe that's why some people actually get paid
> to do this! :-)

Don't be embarrassed -- even people who do it full-time have bad things
happen. (I'm speaking from experience, heh heh.)

Also, as a side note, SSH is best run from outside inetd(8).

That's a lot of services from one box; it was probably insecurable anyway.
Unix wasn't designed with security in mind (to quote Dennis Ritchie), so.
All you can do is to limit the damage a root-ing will do, and raise the
bar above the level of the common AOL-hosted kiddie.

If you can get a second box (as if), run the internal thingies (NFS, DHCP,
...) from it and keep it off the Internet.


--
Christopher Reid Palmer : www.innerfireworks.com