[NTLUG:Discuss] crackers

MadHat madhat at unspecific.com
Thu Aug 26 13:28:20 CDT 1999


Lee Knudsen wrote:
> 
> don't you just hate it when you have your cable modem up-and-running
> for LESS THAN FIVE DAYS and some cracker from jersey finds his way
> into your system and gets root access and deletes /var/log/* ??
> man, i *hate* it when that happens!
> 
> beware of running a standard linux distro off a cable modem.  i
> would have never known anybody was there if i hadn't been tailing
> both /var/log/secure and /var/log/messages and been at my terminal
> at the very same time of the security breach.  fortunately, i was
> able to save the last bit of the logs merely because i was tailing
> them - i have the ip of the intruder, but what good does that do me?
> 
> oh, thanks for all your help on getting my NIC to work.  as it turns
> out, it was a NE1000/NE2000 clone, and i had no problem compiling
> that into the kernel.
> 
> i guess i'll be reading the security and shadow password HOWTOs here
> in short order.  :)   and if you run a standard linux install off a
> cable modem, i think you should read them too...
> 
> -- lee

I feel for ya.

Don't run a standard distro anywhere.
Always edit the /etc/inetd.conf and comment out anything you don't use
(and HUP the inetd daemon).
Look and see what is being started (as far as daemons go) by default and
turn them off if you don't use them (look at the rc files|directories
off the /etc dir).  Make sure to use shadow passwords (default on most
newer distros).
That is where to start.

If you can, don't use the same login for mail and ftp as you do for shell
access and only do shell access with SSH so it is encrypted, and make
the ftp access limited to a set of directories that don't have anything
critical, like a home dir.

Try to keep the services you do use up to date.

Basic ideas.  Easier to say than to stick to.

-- 
MadHat
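An added example, not from the thread, of the inetd clean-up MadHat describes: comment out every service that is not on an allow-list, check what is still enabled, and HUP inetd so it rereads the file. The sample inetd.conf, its service names and the allow-list are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the thread: disable every inetd service that is not
# on an allow-list, then HUP inetd, as the post recommends. Assumes the classic
# inetd.conf layout (service socket proto wait user server args).
# Constructed sample inetd.conf (not a real host's file).
SAMPLE_INETD_CONF=$(cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp     nowait  root    /usr/sbin/tcpd  in.rshd
finger  stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp     nowait  root    /usr/sbin/tcpd  ipop3d
EOF
)

# list_enabled FILE: names of services whose lines are not commented out.
list_enabled() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# harden_inetd FILE ALLOWED...: comment out every enabled service not listed in
# ALLOWED (rewritten in place so mode and owner are kept) and print the names
# that were disabled, one per line. Whole-name match: "pop" never matches "pop-3".
harden_inetd() {
    file=$1; shift
    keep=" $* "
    prog='$1 !~ /^#/ && NF >= 6 && index(keep, " " $1 " ") == 0'
    disabled=$(awk -v keep="$keep" "$prog { print \$1 }" "$file")
    tmp=$(mktemp) || return 1
    awk -v keep="$keep" "$prog { print \"#\" \$0; next } { print }" "$file" > "$tmp" &&
        cat "$tmp" > "$file"
    rm -f "$tmp"
    if [ -n "$disabled" ]; then printf '%s\n' "$disabled"; fi
}

# reload_inetd: make inetd reread its configuration (needs root on a real host).
reload_inetd() {
    if [ -r /var/run/inetd.pid ]; then
        kill -HUP "$(cat /var/run/inetd.pid)"
    else
        pkill -HUP -x inetd
    fi
}

# Demonstration on the sample; a real run would target /etc/inetd.conf, then reload_inetd.
demo=$(mktemp)
printf '%s\n' "$SAMPLE_INETD_CONF" > "$demo"
echo "before:   $(list_enabled "$demo" | tr '\n' ' ')"
echo "disabled: $(harden_inetd "$demo" ftp pop-3 | tr '\n' ' ')"
echo "after:    $(list_enabled "$demo" | tr '\n' ' ')"
rm -f "$demo"
```

Run `list_enabled /etc/inetd.conf` first to see what the distro turned on, then pass only the services you actually use to `harden_inetd` and call `reload_inetd`.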