[1827] in linux-security and linux-alert archive
[linux-security] Re: Named update for RH 4.2 exploitable?
daemon@ATHENA.MIT.EDU (Jeremy Blackman)
Sun Jun 7 04:01:52 1998
Date: Sat, 6 Jun 1998 17:24:11 -0700 (PDT)
From: Jeremy Blackman <asbel@nausicaa.net>
To: linux-security@redhat.com
In-Reply-To: <3.0.32.19980606183744.00d00e94@38.241.72.1>
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

1) The RPMs at ftp.redhat.com in the updates directory are for 4.9.x,
but 8.1.2 is in the contrib directory. I went looking the other day.

> When I was hacked the first time the person had the nerve/insight while
> someone was talking to him over IRC to change /bin/login
> to accept a static password for root. Once you have been hacked
> there are very few alternatives for most Linux mortals other than reloading the
> OS if you would like to avoid future hacks.

2) One of my machines was hacked - apparently via Samba. (I had turned
it off, but the other sysadmin turned it back on to do something and
apparently never removed it.) However, the hacker was remarkably
dumb... yes, they replaced /bin/login and a few other things with
trojans, but they didn't bother to touch them back, nor did they
bother to check the system terribly well. My tripwire programs
(including 'tripwire' itself) quite happily reported to me every
file he altered and everything he did.

From what I've heard from other sysadmins, hackers are often very
blind to tripwire programs. I'm also doubly careful, and store
my checksum data and whatnot on remote systems. I HIGHLY recommend
people use tripwire systems like 'tripwire'. There are also custom
kernel modifications out there which provide additional - much harder
to notice, since it's in the kernel - security. Better to run these
and find problems quickly and be able to recover easily, than to
avoid the hassle of setting them up, only to be hacked. :)
--Jeremy