Re: beware: RedHat Linux v5.1 system compromised
- Subject: Re: beware: RedHat Linux v5.1 system compromised
- From: Gerry Swislow <certif!gerry@photon.mit.edu>
- Date: Sat, 21 Nov 98 21:56:27 -0500
Pete Jemian wrote:
> Looks like a hacker compromised a RedHat Linux v5.1 PC
> this week. Came in at about 2am Wednesday via the imapd
> daemon ...
Hacker utilities are now widely available to scan IP addresses looking
for known weaknesses. The imapd exploit is well known. Red Hat has had a
fix on their errata pages for some time. I encourage all Red Hat Linux
users to keep up to date with these errata, especially those relating to
security. One just need download the updated rpm file from one's browser,
and then run the rpm command to get it installed -- pretty easy stuff.

In addition, folks should also consider 1) commenting out unnecessary
services in /etc/inetd.conf, 2) activating tcp wrappers by entering
trusted sites into /etc/hosts.allow, 3) using a shadow file for passwords
(initialized with the pwconv command) and 4) monitoring the system log
files in /var/log regularly. Although it's a bit more complicated to set
up, the Linux kernel firewalling (which is highly configurable) adds
another layer of protection.

I've done all these things now that CSS HQ has a full-time internet
connection via a cable-modem. The firewall log files here show an average
of a little less than one (unsuccessful) attack per day.
-------------------------------------------------------------------
Gerry Swislow phone: (617) 576-1610
Certified Scientific Software fax: (617) 497-4242
PO Box 390640 email: gerry@certif.com
Cambridge, MA 02139-0007 Web: http://www.certif.com
-------------------------------------------------------------------
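
An added example, not part of the original message: a POSIX shell sketch that checks the four settings listed above. The function names are made up for this illustration and every file it reads is a constructed sample. The hosts.deny check is there because tcp wrappers admit any client that matches neither file, so hosts.allow entries need a default deny behind them.

```shell
#!/bin/sh
# Added example; sample files are constructed. On a real host, pass the
# files under /etc and /var/log to these functions instead.

# 1) Services still enabled in inetd.conf (lines not commented out).
enabled_inetd_services() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# 2) hosts.allow only restricts access when hosts.deny denies the rest;
#    a client matching neither file is let in (see hosts_access(5)).
wrappers_default_deny() {
    grep -Eq '^[[:space:]]*ALL[[:space:]]*:[[:space:]]*ALL' "$1"
}

# 3) Accounts whose passwd field is neither the shadow marker "x" nor a
#    locked "*": a hash or empty password readable by every local user.
unshadowed_accounts() {
    awk -F: '$2 != "x" && $2 != "*" { print $1 }' "$1"
}

# 4) Connections refused by tcp wrappers, counted per source address.
refused_by_source() {
    awk '/refused connect from/ { n[$NF]++ }
         END { for (h in n) print n[h], h }' "$1" | sort -rn
}

d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
cat > "$d/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet  stream tcp nowait root /usr/sbin/tcpd in.telnetd
imap    stream tcp nowait root /usr/sbin/tcpd imapd
EOF
printf 'ALL: ALL\n' > "$d/hosts.deny"
cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
guest:CONSTRUCTEDhash:500:500::/home/guest:/bin/bash
EOF
cat > "$d/messages" <<'EOF'
Nov 18 02:03:11 host imapd[412]: refused connect from 192.0.2.77
Nov 18 02:03:15 host in.telnetd[415]: refused connect from 192.0.2.77
Nov 19 11:40:02 host in.ftpd[502]: refused connect from 198.51.100.9
EOF

echo "enabled services:";    enabled_inetd_services "$d/inetd.conf"
echo "unshadowed accounts:"; unshadowed_accounts "$d/passwd"
echo "refused connects:";    refused_by_source "$d/messages"
wrappers_default_deny "$d/hosts.deny" && echo "hosts.deny: default deny"
```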