
Re: Hacking RH 6.2



All of these suggestions that everyone has come up with are excellent but
I want to emphasize something on security.  The number one problem that we
see in support is that people don't apply the necessary security update
rpms to their systems.  I just want to make this very clear:

If you install a stock 6.1 or 6.2 machine and expose it to the Internet,
you can expect a compromise within days if not hours.

This is true for all computer systems, not just Red Hat Linux or any other
flavor of Linux.  There are automated tools that scan the net looking for
vulnerable systems and automatically compromise them. Like it or not, that
is the way it is.  This is why we (and everyone else) release security
errata, and this is one reason we are building RHN.  It is VERY, VERY
important to stay up on security if you administer a machine that is
connected to the Internet as a server.  The Ramen Noodle worm and now the
Lion worm are perfect examples of this -- they can only spread themselves
to machines that have not been updated.

And if you do keep up, you'll make my job (and a lot of other people's) a
little bit easier. :)

On my own note, I'll add:

Check out www.linuxdoc.org and read the "Securing and Optimizing Linux:
Red Hat Edition" Guide.  The book is good, and has a lot of detailed
information on securing a 6.2 server.  Enjoy. :)

Matt

On Wed, 28 Mar 2001, Weston Rogers wrote:

> Have you reformatted the machine after you have figured out your box got rooted? Also, make sure you use the security tools from www.psionic.com; they are excellent and even easier to set up.  Also, depending on your environment you may want your mail / DNS servers separate, OR make the machine multi-homed (two NIC cards) if you are a business with a LAN and a WAN.
>
> Make sure you use TCP wrappers, NO telnet, NO anon ftp (no ftp for that matter). Install SSH2 from www.ssh.com (free for commercial use), and that comes with an SFTP server for secure ftp transfer if needed.  Also install just your basic server, no X, nothing but exactly what you need, and download and install binaries for what you intend to run: ****LATEST**** versions of BIND, and use www.postfix.org or www.qmail.org instead of sendmail.
>
> I can go on and on....email me if you need specific help.
>
>
>   ----- Original Message -----
>   From: Mohamedou
>   To: redhat-install-list redhat com
>   Sent: Wednesday, March 28, 2001 11:58 AM
>   Subject: Hacking RH 6.2
>
>
>   Hello all,
>
>   My server has been hacked 2 times and now probably a third time.
>   I am using RH 6.2. Mail and DNS are on the same machine.
>   The hacker has left no tracks behind himself.
>   How can I proceed to prevent this?
>   Really I don't need to leave Linux and go otherwise.
>
>   Thnx
>
>   Moh
>

-- 
Matt Drew
Peer Review team lead and Bughunter
Red Hat Consumer Services




