Re: Hacking RH 6.2

["Mohamedou" <mohamedou bits mr>]

Hello,

I thank U all for this suggestions you gave me.
But now what should I do?
I will try this suggestions.

Regards,

Moh
----- Original Message -----
From: "Matt Drew" <mdrew redhat com>
To: <redhat-install-list redhat com>
Sent: Wednesday, March 28, 2001 10:03 PM
Subject: Re: Hacking RH 6.2


>
> All of these suggestions that everyone has come up with are excellent but
> I want to emphasize something on security.  The number one problem that we
> see in support is that people don't apply the necessary security update
> rpms to their systems.  I just want to make this very clear:
>
> If you install a stock 6.1 or 6.2 machine and expose it to the Internet,
> you can expect a compromise within days if not hours.
>
> This is true for all computer systems, not just Red Hat Linux or any other
> flavor of Linux.  There are automated tools that scan the net looking for
> vulnerable systems and automatically compromise them. Like it or not, that
> is the way it is.  This is why we (and everyone else) release security
> errata, and this is one reason we are building RHN.  It is VERY, VERY
> important to stay up on security if you administer a machine that is
> connected to the Internet as a server.  The Ramen Noodle worm and now the
> Lion worm are perfect examples of this -- they can only spread themselves
> to machines that have not been updated.
>
> And if you do keep up, you'll make my job (and a lot of other people's) a
> little bit easier. :)
>
> On my own note, I'll add:
>
> check out www.linuxdoc.org and read the "Securing and Optimizing Linux:
> Red Hat Edition" Guide.  The book is good, and has a lot of detailed
> information on securing a 6.2 server.  Enjoy. :)
>
> Matt
>
> On Wed, 28 Mar 2001, Weston Rogers wrote:
>
> > Have you reformatted the machine after you have figured out your box got
rooted? Also, make sure you use the security tools from www.psionic.com
they are exellent and even easier to setup.  Also, depending on your
environment you may want your mail / dns servers seperate, OR make the
machine multi-homed (two nic cards)  if you are a business with a LAN and a
WAN.
> >
> > Make sure you use TCP wrappers, NO telnet NO anon ftp (no ftp for that
matter, ) Install SSH2 from www.ssh.com (free for commercial use) and that
comes with SFTP server for secure ftp transfer if needed.  Also install just
your basic server , no X , nothing but exactly what you need and download
and install binarys for what you intend on run ****LATEST****  versions of
BIND and use www.postfix.org or www.qmail.org instead of sendmail.
> >
> > I can go on and on....email me if you need specific help.
> >
> >
> >   ----- Original Message -----
> >   From: Mohamedou
> >   To: redhat-install-list redhat com
> >   Sent: Wednesday, March 28, 2001 11:58 AM
> >   Subject: Hacking RH 6.2
> >
> >
> >   Hello all,
> >
> >   My Server has been  hacked 2 times and now probably third times.
> >   I am using RH 6.2 Mail and DNS are on the same machine.
> >   The hacker has let no tacks behind himself.
> >   How can I proceed to prevent this.
> >   Really I dont need to let Linux and go otherwise.
> >
> >   Thnx
> >
> >   Moh
> >
>
> --
> Matt Drew
> Peer Review team lead and Bughunter
> Red Hat Consumer Services
>
>
>
> _______________________________________________
> Redhat-install-list mailing list
> Redhat-install-list redhat com
> https://listman.redhat.com/mailman/listinfo/redhat-install-list