Re: cracked? "rm uses obsolete (PF_INET,SOCK_PACKET)"
On Sun, 15 Jun 2003 at 04:13:19AM -0500, eyem wrote:
> paranoid I now am!!
>
> I always found the concept of script kiddies amusing ... but if I ever found
> this guy I'd wring his neck. Is there any way I can track him down? (I have
> already backed up some stuff and wiped my hard drive)
You can try, but do you trust logs of a cracked system? If you had an
uncompromised syslog server it would be more reliable b/c they can
INSERT bogus logs but not delete/modify any logs...
>
> After following the debian "how to secure your system" instructions, I would
> like to go a step further and install snort or something. Is that going too
> far? ... is snort the relevant thing ?
Snort in stable is old. You may wish to compile the one in unstable and
use that one or download it from snort.org.
Here are a few keys to security:
1. Watch bug track. If a new vuln is discovered in a service you are
running then shut it off or block it at some network border.
2. When a DSA comes out, apt-get update and apt-get upgrade EVERY
machine. You may wish to put this in your cron.daily or in a crontab:
    @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q upgrade
3. Don't send passwords in the clear, ever.
4. Firewall your machine/network or both.
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #132: Bugs in the RAID
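
Added example (not part of the message above): a cron-friendly filter that turns the output of a simulated upgrade (apt-get -s upgrade) into a short report and stays silent when nothing is pending, so cron only sends mail when there is work to do. The function names, the package names in the sample and the "security" origin match are assumptions made for this illustration.

```shell
#!/bin/sh
# Summarise `apt-get -s upgrade` output for a daily cron mail.
# Intended use (assumption):
#   apt-get -qq update && LC_ALL=C apt-get -s upgrade | report

# Print "package old -> new" for every "Inst" line read from stdin.
pending_upgrades() {
    awk '$1 == "Inst" {
        oldv = "(new)"; newv = ""
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^\[/) { oldv = substr($i, 2, length($i) - 2) }
            else if ($i ~ /^\(/) { newv = substr($i, 2); break }
        }
        print $2, oldv, "->", newv
    }'
}

# Print packages whose candidate comes from an origin naming "security".
# Heuristic: assumes the security archive carries that word in its label.
security_upgrades() {
    awk '$1 == "Inst" && tolower($0) ~ /security/ { print $2 }'
}

# Print a report only when upgrades are pending (cron mails any output).
report() {
    out=$(cat)
    total=$(printf '%s\n' "$out" | pending_upgrades | wc -l | tr -d ' ')
    [ "$total" -eq 0 ] && return 0
    sec=$(printf '%s\n' "$out" | security_upgrades | wc -l | tr -d ' ')
    echo "$total package(s) pending, $sec from a security archive:"
    printf '%s\n' "$out" | pending_upgrades
}

# Constructed sample of simulation output (fictitious packages and versions).
SAMPLE='Reading package lists...
The following packages will be upgraded:
  bar-data food libfoo1
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libfoo1 [1.0-1] (1.0-2 Debian-Security:3.0/stable)
Inst food [3.4-1] (3.4-2 Debian-Security:3.0/stable)
Inst bar-data [2003a-1] (2003b-1 Debian:3.0r1/stable)
Conf libfoo1 (1.0-2 Debian-Security:3.0/stable)
Conf food (3.4-2 Debian-Security:3.0/stable)
Conf bar-data (2003b-1 Debian:3.0r1/stable)'

printf '%s\n' "$SAMPLE" | report
```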