[1827] in linux-security and linux-alert archive


[linux-security] Re: Named update for RH 4.2 exploitable?

daemon@ATHENA.MIT.EDU (Jeremy Blackman)
Sun Jun 7 04:01:52 1998

Date: Sat, 6 Jun 1998 17:24:11 -0700 (PDT)
From: Jeremy Blackman <asbel@nausicaa.net>
To: linux-security@redhat.com
In-Reply-To: <3.0.32.19980606183744.00d00e94@38.241.72.1>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


1) The RPMs at ftp.redhat.com in the updates directory are for 4.9.x,
   but 8.1.2 is in the contrib directory.  I went looking the other day.

> When I was hacked the first time the person had the nerve/insight while
> someone was talking to him over IRC to change /bin/login
> to accept a static password for root.  Once you have been hacked
> there are very few alternatives for most Linux mortals other than reloading the
> OS if you would like to avoid future hacks.

2) One of my machines was hacked - apparently via Samba.  (I had turned
   it off, but the other sysadmin turned it back on to do something and
   apparently never removed it.)  However, the hacker was remarkably
   dumb... yes, they replaced /bin/login and a few other things with
   trojans, but they didn't bother to touch them back, nor did they
   bother to check the system terribly well.  My tripwire programs
   (including 'tripwire' itself) quite happily reported to me every
   file he altered and everything he did.

   From what I've heard from other sysadmins, hackers are often very
   blind to tripwire programs.  I'm also doubly careful, and store
   my checksum data and whatnot on remote systems.  I HIGHLY recommend
   people use tripwire systems like 'tripwire'.  There are also custom
   kernel modifications out there which provide additional - much harder
   to notice, since it's in the kernel - security.  Better to run these
   and find problems quickly and be able to recover easily, than to
   avoid the hassle of setting them up, only to be hacked. :)

--Jeremy

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
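
The baseline-and-compare check the message recommends, as an added example that is not part of the original post and is not Tripwire's own code: it records a SHA-256 hash plus metadata per file, serialises the baseline as JSON so it can be kept on a remote system, and reports drift. The file names and contents in `demo()` are constructed; the scenario shows that a replaced file is still reported when its timestamp has been set back.

```python
import hashlib, json, os, stat, tempfile

FIELDS = ("sha256", "size", "mode", "uid", "mtime_ns")

def snapshot(paths):
    """Record content hash and metadata for each existing file."""
    db = {}
    for p in paths:
        if not os.path.isfile(p):
            continue  # absent files show up as "missing" in compare()
        st = os.stat(p)
        with open(p, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
        db[p] = {"sha256": digest, "size": st.st_size,
                 "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                 "mtime_ns": st.st_mtime_ns}
    return db

def compare(baseline, current):
    """Return sorted (path, reason) findings; an empty list means no drift."""
    findings = []
    for p, old in baseline.items():
        new = current.get(p)
        if new is None:
            findings.append((p, "missing"))
            continue
        diff = [k for k in FIELDS if old[k] != new[k]]
        if diff:
            findings.append((p, "changed: " + ",".join(diff)))
    findings += [(p, "added") for p in current.keys() - baseline.keys()]
    return sorted(findings)

def demo():
    """Constructed scenario: a file is replaced and its mtime set back."""
    with tempfile.TemporaryDirectory() as d:
        login, ls = os.path.join(d, "login"), os.path.join(d, "ls")
        for path, data in ((login, b"original login\n"), (ls, b"original ls\n")):
            with open(path, "wb") as f:
                f.write(data)
        # Round-trip through JSON: the form you would copy to a remote host.
        baseline = json.loads(json.dumps(snapshot([login, ls])))
        st = os.stat(login)
        with open(login, "wb") as f:
            f.write(b"replaced login\n")  # same length as the original
        os.utime(login, ns=(st.st_atime_ns, st.st_mtime_ns))  # timestamp restored
        found = compare(baseline, snapshot([login, ls]))
        return [(os.path.basename(p), why) for p, why in found]

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the baseline and the checker itself, which is why the message keeps the checksum data on remote systems.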

