Re: possibly compromised redhat 7.2 box UPDATE - harden
From: Alvin Oga (alvin.sec_at_Virtual.Linux-Consulting.com)
Date: 05/27/04
- Previous message: Damon Brinkley: "RE: Cisco CSA"
- In reply to: Melissa McGillis: "RE: possibly compromised redhat 7.2 box UPDATE"
- Next in thread: James Kelly: "Re: possibly compromised redhat 7.2 box"
To: mcgillim@cis.uab.edu (Melissa McGillis)
Date: Thu, 27 May 2004 06:45:31 -0700 (PDT)
hi ya melissa
> Checked it out and found the suckit rootkit on that box as well as 4 others.
> I'm in the process of reloading them. I don't have any extra drives or
> anything to save info for forensic purposes. I've done some googling for the
> info but most of what I've found is porn and people with the rootkit. Anyone
> know any tech info on it? Or a good place to find detailed instructions on
> locking down RH 7.2? (Boss won't let me upgrade or switch to another OS,
> hands are tied).
if the boss won't let you upgrade ...
a) point out that even redhat does NOT support rh-7.2 anymore
no official support for even rh-9
ie... you are on your own to apply patches from the 10,000
different packages that release patches as it occurs
b) you should follow all the basic steps to harden the servers ...
- should be about 2-3 days of efforts to compile the new
upgrades and install it
( you will probably NOT find the *.rpm for your rh-7.2
- if you didn't spend that amt of time to apply about 200-300
patches ... then some vulnerabilities are probably
still exploitable
( 200-300 is the number of *.rpm packages for d/l and installing
( to patch the servers .. in this case, you'd be getting the
( original source code instead to compile it locally
c) consider this break-in as a testing grounds that indicates that
things NEED to be fixed and changed and that you're NOT liable
if your hands are tied for whatever reason
( crazy reasons or budgets or time or ?? )
server hardening ...
http://www.Linux-sec.net/
- note the top-7 or top-20 security problems
have fun
alvin