
Re: beware: RedHat Linux v5.1 system compromised




Pete Jemian wrote:

> Looks like a hacker compromised a RedHat Linux v5.1 PC
> this week.  Came in at about 2am Wednesday via the imapd
> daemon ...

Hacker utilities are now widely available to scan IP addresses looking
for known weaknesses.  The imapd exploit is well known.  Red Hat has had a
fix on their errata pages for some time.  I encourage all Red Hat Linux
users to keep up to date with these errata, especially those relating to
security.  One need only download the updated rpm file from one's browser,
and then run the rpm command to get it installed -- pretty easy stuff.

In addition, folks should also consider 1) commenting out unnecessary
services in /etc/inetd.conf, 2) activating tcp wrappers by entering
trusted sites into /etc/hosts.allow, 3) using a shadow file for passwords
(initialized with the pwconv command) and 4) monitoring the system log
files in /var/log regularly.  Although it's a bit more complicated to set
up, the Linux kernel firewalling (which is highly configurable) adds
another layer of protection.

I've done all these things now that CSS HQ has a full-time internet  
connection via a cable-modem.  The firewall log files here show an average  
of a little less than one (unsuccessful) attack per day.

-------------------------------------------------------------------
  Gerry Swislow                     phone:  (617) 576-1610
  Certified Scientific Software       fax:  (617) 497-4242
  PO Box 390640                     email:  gerry@certif.com
  Cambridge, MA  02139-0007           Web:  http://www.certif.com
-------------------------------------------------------------------
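
The four-item checklist in the message above, as an added example that is not part of the original post: a read-only shell audit that reports enabled inetd services, wide-open hosts.allow rules, accounts pwconv has not shadowed, and the sources of refused connections in a log. Function names, hosts, accounts and log lines are constructed for illustration; the "refused connect from" text is what tcp wrappers writes to syslog.

```shell
#!/bin/sh
# Added example, not from the original message: read-only checks for the four
# checklist items. Each function takes a file path, so copies can be audited.
# 1) Services still enabled (not commented out) in an inetd.conf-format file.
enabled_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# 2) hosts.allow rules whose client list is just ALL (no restriction at all).
open_wrapper_rules() {
    awk -F: '$0 !~ /^[ \t]*#/ && NF >= 2 {
        d = $1; c = $2; gsub(/[ \t]/, "", d); gsub(/[ \t]/, "", c)
        if (c == "ALL") print d }' "$1"
}

# 3) Accounts whose passwd field is not "x", i.e. pwconv has not moved them.
unshadowed_accounts() {
    awk -F: 'NF >= 7 && $2 != "x" { print $1 }' "$1"
}

# 4) Sources of tcp wrappers refusals in a syslog file, busiest first.
refused_by_source() {
    sed -n 's/.*refused connect from \([^ ]*\).*/\1/p' "$1" |
        sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Constructed sample files (hypothetical hosts and accounts) for a dry run.
make_sample() {
    printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
        'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
        'imap stream tcp nowait root /usr/sbin/tcpd imapd' > "$1/inetd.conf"
    printf '%s\n' 'in.telnetd: 192.0.2.10' 'imapd: ALL' > "$1/hosts.allow"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'guest:PLACEHOLDERHASH:500:500::/home/guest:/bin/bash' > "$1/passwd"
    printf '%s\n' \
        'Jun 10 02:01:13 box imapd[411]: refused connect from 198.51.100.7' \
        'Jun 10 02:01:19 box in.telnetd[412]: refused connect from 198.51.100.7' \
        'Jun 11 04:30:02 box in.ftpd[498]: refused connect from 203.0.113.9' \
        > "$1/messages"
}

if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample "$d"
    echo "enabled: $(enabled_services "$d/inetd.conf" | tr '\n' ' ')"
    echo "open wrappers: $(open_wrapper_rules "$d/hosts.allow")"
    echo "unshadowed: $(unshadowed_accounts "$d/passwd")"
    refused_by_source "$d/messages"
    rm -rf "$d"
fi
```

Run with `--demo` to exercise the checks on the sample files, or source the file and call each function on a copy of the real file.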