[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Help needed - server hacked twice in three days (and I don't think I'm a newbie)

On Thu, Jul 21, 2005 at 08:17:38PM +0200, Karsten Dambekalns wrote:
> Now, I find it unlikely to see the same local root exploit in 2.4.18 and 
> 2.6.7. 

They are both old kernels, compile your own and apply suitable patches.
Grsecurity is one, and it doesn't need any particular configuration.

> Are pwgen-passwords with 8 chars, containing upper/lower case and numbers 
> really that insecure?

Good initial passwords doesn't really protect anything if the user are
able to change the password into a really crappy one. Consider using libpam-passwdqc.

> What should I do to prevent such things in the future?

. Remove anything you dont need
. Use iptables to block everything, and allow only what's needed
. Better passwords
. Set Allow{Users,Group} for ssh
. Use current kernels, don't use 2.6 unless you have to. Even if it's
  considered stable new versions keep popping up with big patches
. Have strict mount options; 
  /home mounted with nosuid,nodev,noexec works well (unless your users are
. Go read the Securing Debian Manual (http://www.debian.org/doc/manuals/securing-debian-howto/)


Attachment: signature.asc
Description: Digital signature

Reply to: