Re: lighting---hacked!

From: Greg Owen <gowen-cols@swynwyr.com>
Date: Thu, 09 May 2002 14:40:30 GMT

Clayton D. Strand <cdstrand@lazotech.com> writes:
> Then we got hit by lightning last Friday, and it took down our
> system. We had segmentation faults. I had 7.2 cd's on hand (from
> the Linux 7.2 bible) so I tried to "upgrade" the system, thinking it
> might repair damage. It did not. I could find no way to "force" an
> upgrade of services, even though the customization option was
> checked.

        Instead, you could have used RPM to verify which packages had
been damaged, and then to forcibly reinstall the individual packages
that got damaged. Presumably you also would have noticed if any
damaged package didn't match the version on CD, and gone to get the
appropriate update so as to stay secure.

        If you were using NT, that wouldn't have been an option, and
you'd have had to reinstall from scratch.

> I then installed 7.2 from the CD's, leaving the file system intact.
> Another error, admittedly, was that I should have started from
> scratch, though, in retrospect, that would have merely transferred
> the problems we had from Wednesday to the preceding Friday. The
> system came up and no one had access to it, though it worked fine as
> a single user system.

        The fresh install would have killed your passwd database. It
would seem you didn't have a backup to recover it from? At the very
least, you should have manually copied it somewhere before
"reinstalling," if you absolutely had to reinstall.

> I noted that this was "really" good security, so finally, I switched
> off ipchains (another administration error) because neither of us
> could make heads or tails, nor had we any documentation we could
> understand, of how to allow authorized users to access the system.

        Well, switching off ipchains probably didn't help. I'm not
sure why you blame the "Linux installation process," because newer
releases set up a firewall for you, and older ones didn't.

        You should have corrected the actual problem here, rather than
turning off your firewall. This would hold true for both Windows and
Linux.

> I can *still* find no [ipchains] documentation which means anything
> at all to me. The "bible" I have is worthless as far as
> documentation is concerned, and the HOWTO (which I looked at first
> last Friday) is incomprehensible to me.

        You need to read http://www.tldp.org/HOWTO/IPCHAINS-HOWTO.html

        You may need to read it several times, and experiment. Quite
frankly, if you can't figure it out, you should drop $500 on a
SonicWALL (or whatever) and get a real firewall in place.

> Our users lost several hours access to email yesterday because we
> were running Linux instead of NT, which would have been up and
> running in a fraction of the time.

        No, they lost it because you weren't prepared with backups,
didn't understand the correct way to repair damage to your system,
couldn't debug your actual problem and turned off your firewall
instead of handling it correctly. Since NT doesn't come with a
firewall, how would you protect the NT box?

> getting minimal security to allow access to the box, and having
> gotten the first step, installation of the dns server, done, I'm
> going to install our web server again, and then tackle sendmail,
> which is going to be a nightmare, again, as it always is.

        This time you should make backup copies of your configuration
files, and keep them current. If you aren't doing that on a
production box - Linux, NT or anything else - you're going to have
this problem again the next time.

-- 
	gowen -- Greg Owen -- gowen-cols@swynwyr.com
	79A7 4063 96B6 9974 86CA  3BEF 521C 860F 5A93 D66D
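The "verify with RPM, then reinstall only the damaged packages" repair that Greg describes, as an added example (not code from the original post or its author). It triages `rpm -Va` output and emits the reinstall commands. Everything it consumes is constructed so it runs offline: `SAMPLE_VERIFY` is made-up verify output, `owner_of` is a stand-in for `rpm -qf`, and the RPMS directory is assumed to be a Red Hat CD mounted on /mnt/cdrom.

```shell
#!/bin/sh
# Added example, not from the original post: triage `rpm -Va` output after
# suspected filesystem damage and emit the commands that reinstall only the
# packages owning corrupted files.  On a real box feed it `rpm -Va` instead
# of the constructed sample below.

# Constructed sample of `rpm -Va` output (Red Hat 7.x format).  The first
# field is eight verify flags: S size, M mode, 5 MD5 digest, D device,
# L symlink, U user, G group, T mtime; '.' means the test passed and '?'
# that it could not run.  An optional 'c' marks a config file, then the
# path.  "missing" means the file is gone entirely.
SAMPLE_VERIFY='S.5....T c /etc/sendmail.cf
.......T   /usr/share/doc/README
..5.....   /bin/login
S.5....T   /usr/sbin/sshd
missing    /lib/libexample.so.1
.M......   /usr/bin/passwd'

# Constructed stand-in for `rpm -qf PATH` so the example runs offline.
# On a real system the body is:  rpm -qf "$1" --queryformat '%{NAME}\n'
owner_of() {
    case "$1" in
        /bin/login)           echo util-linux ;;
        /usr/sbin/sshd)       echo openssh-server ;;
        /lib/libexample.so.1) echo example-libs ;;
        /usr/bin/passwd)      echo passwd ;;
        *)                    echo unknown ;;
    esac
}

# Print "STATUS PATH" for every line that indicates real damage.  Config
# files (c) that differ are expected: the admin edits those by hand.  A
# digest or size change on anything else is corruption or tampering, and a
# mode/owner change on a binary such as /usr/bin/passwd (setuid) is a
# tampering signal, not something lightning does.
triage_verify() {
    printf '%s\n' "$1" | awk '
        $1 == "missing" { print "MISSING " $NF; next }
        {
            flags = $1; attr = ($3 == "" ? "" : $2); path = $NF
            if (attr == "c") next
            if (flags ~ /5/ || flags ~ /S/) { print "CORRUPT " path; next }
            if (flags ~ /[MDLUG]/) { print "ATTRS " path; next }
            # mtime-only (T) on a non-config file: worth a look, not damage
        }'
}

# The set of packages to reinstall, one name per line, deduplicated.
packages_to_reinstall() {
    triage_verify "$1" | while read -r status path; do
        owner_of "$path"
    done | sort -u
}

# One reinstall command per damaged package.  --replacepkgs puts the same
# version back over the damaged copy.  Deliberately no --force/--oldpackage:
# if the installed package is newer than the CD copy (an errata update),
# rpm refuses, which is exactly the cue to fetch that update instead.
reinstall_commands() {
    RPMS_DIR=${RPMS_DIR:-/mnt/cdrom/RedHat/RPMS}   # assumed mount point
    packages_to_reinstall "$1" | while read -r pkg; do
        echo "rpm -Uvh --replacepkgs $RPMS_DIR/$pkg-*.rpm"
    done
}

reinstall_commands "$SAMPLE_VERIFY"
```

Two caveats a practitioner would add. `rpm -Va` trusts the on-disk RPM database and the rpm binary itself; if tampering rather than hardware damage is on the table, verify against the package files instead (`rpm -Vp /mnt/cdrom/RedHat/RPMS/name-*.rpm`) from a rescue boot. And the reinstall does not touch the files rpm skipped as config, so /etc/passwd, /etc/shadow and the service configs still need their own backup, which is Greg's next point.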


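The fix Greg says should have happened instead of switching ipchains off, as an added example that is not part of the original thread: a default-deny ipchains ruleset that opens DNS, HTTP and SMTP to everyone and SSH to an admin network only. The functions print the ipchains commands rather than running them, so the ruleset can be read first; the address 192.0.2.10, the network 198.51.100.0/24 and the interface eth0 are hypothetical placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: an ipchains ruleset for a
# Red Hat 7.x box that serves DNS, web and mail to the world but lets only
# authorized users in over SSH.  Prints the commands; `ruleset | sh` as
# root applies them.  Addresses and interface name are placeholders.

SERVER_IP=192.0.2.10        # this host's public address (hypothetical)
ADMIN_NET=198.51.100.0/24   # where the authorized SSH users come from
EXT_IF=eth0                 # interface facing the Internet

# Rules every host needs before the service rules.  ipchains has no
# connection tracking, so replies to connections this host starts are
# admitted by shape: TCP packets without SYN (! -y) and UDP answers from
# port 53 to an unprivileged local port.  ICMP type 3 (destination
# unreachable) is allowed so path-MTU discovery keeps working.
base_rules() {
    cat <<EOF
ipchains -F input
ipchains -P input DENY
ipchains -A input -i lo -j ACCEPT
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -s 0.0.0.0/0 53 -d $SERVER_IP 1024:65535 -j ACCEPT
ipchains -A input -i $EXT_IF -p icmp -s 0.0.0.0/0 3 -j ACCEPT
EOF
}

# allow_tcp PORT SOURCE / allow_udp PORT SOURCE: open one service on this
# host to one source network (0.0.0.0/0 means everyone).
allow_tcp() {
    echo "ipchains -A input -i $EXT_IF -p tcp -s $2 -d $SERVER_IP $1 -j ACCEPT"
}
allow_udp() {
    echo "ipchains -A input -i $EXT_IF -p udp -s $2 -d $SERVER_IP $1 -j ACCEPT"
}

# The complete ruleset in evaluation order (first match wins).  The last
# rule logs (-l) whatever the DENY policy is about to drop, which is how
# you find out which authorized user is being blocked instead of guessing.
ruleset() {
    base_rules
    allow_udp 53 0.0.0.0/0       # DNS queries
    allow_tcp 53 0.0.0.0/0       # DNS over TCP (zone transfers, big answers)
    allow_tcp 80 0.0.0.0/0       # web server
    allow_tcp 25 0.0.0.0/0       # sendmail
    allow_tcp 22 "$ADMIN_NET"    # SSH, authorized users only
    echo "ipchains -A input -i $EXT_IF -j DENY -l"
}

ruleset
```

Once it works, save it so it survives a reboot (`ipchains-save > /etc/sysconfig/ipchains` on Red Hat 7.x). The `! -y` line is the known weakness of a stateless filter: any non-SYN TCP packet reaches every port, so sshd and sendmail still have to be patched, and on 7.2's 2.4 kernel iptables with connection tracking is the better tool. Exposing only the ports the box serves is still far ahead of no filter at all.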
