Security Basics mailing list archives
Re: possibly compromised redhat 7.2 box UPDATE - harden
From: Alvin Oga <alvin.sec () Virtual Linux-Consulting com>
Date: Thu, 27 May 2004 06:45:31 -0700 (PDT)
hi ya melissa
> Checked it out and found the suckit rootkit on that box as well as 4 others. I'm in the process of reloading them. I don't have any extra drives or anything to save info for forensic purposes. I've done some googling for the info but most of what I've found is porn and people with the rootkit. Anyone know any tech info on it? Or a good place to find detailed instructions on locking down RH 7.2? (Boss won't let me upgrade or switch to another OS, hands are tied).
if the boss won't let you upgrade ...

a) point out that even redhat does NOT support rh-7.2 anymore
   no official support for even rh-9
   ie... you are on your own to apply patches from the 10,000 different packages that release patches as it occurs

b) you should follow all the basic steps to harden the servers ...
   - should be about 2-3 days of efforts to compile the new upgrades and install it
     ( you will probably NOT find the *.rpm for your rh-7.2
   - if you didn't spend that amt of time to apply about 200-300 patches ... then some vulnerabilities are probably still exploitable
     ( 200-300 is the number of *.rpm packages for d/l and installing
     ( to patch the servers .. in this case, you'd be getting the
     ( original source code instead to compile it locally

c) consider this break-in as a testing grounds that indicates that things NEED to be fixed and changed and that you're NOT liable if your hands are tied for whatever reason ( crazy reasons or budgets or time or ?? )

server hardening ...
   http://www.Linux-sec.net/
   - note the top-7 or top-20 security problems

have fun
alvin