[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: hardening checkpoints

On Thu, 15 Dec 2005, kevin bailey wrote:

> Alvin Oga wrote:
> > On Thu, 15 Dec 2005, kevin bailey wrote:
> > 
> >> was recently rootkitted on a debian machine because i'd left an obscure
> >> service running.
> > 
> > if you know how they got in .. i assume oyu have since fixed it
> my guess it was the miniserv.pl run by webmin - it had a security problem
> which does not seem to have been address by debian.

webmin thingie's can be good or bad .. :-)
> another possibility was zope - it had had soem of its files altered.

one can alter any files once they got in ..
> definitely - the first machine was a try out machine - and i'd installed
> loads of stuff on it.

i consider all my machines to be "first machines to test" and all
important data saved on other test machines
> now i have two machines - one ready to take over from the first - with far
> fewer services running.

combining wiht your other post, be careful when and why your "backup"
machine will take over for the first machine ...

- if they hacked your first machine, they will also be trying
  to hack the 2hd (backup) machine too

	- if both machines are identical in hw and apps that;s installed,
	than the 2nd box will also be rm -rf'd

- if someone takes down my machines.. i want it to stay down, and
  play possom .. till somebody knowledgable takes a look at it
  and can explain why it went down and how and why

- if it is critical that machines have to stay up, one should have
  the budget ( time, $$$ and resources ) for "high availability"
  and not just hot-swap 2 machines for failover
	- load balancing is better, since you know all machines
	is up and working ... and in sync ( data-wise ) with each other

	- even if its 3x 586 ( something cheaper and fast enough ) is
	still better than 1 superfast/expensive P4 box if you always 
	want to be online ...

	- i'd definitely use different hw and different patch levels
	of distro and apps ... so that the machines will not fall
	for the same cracker's tricks

> > http://www.debian.org/doc/manuals/securing-debian-howto/
> > 
> will read in detail!

and if you have more things to add to the list ... i'm sure
they'd be looking for comments ( good or bad )
> a second machine is set up ready to take over.

see comments above
> would like to do this - but i also need to be able to access the server from
> my laptop which connects over 3G - i.e. different IP address every time.

the ip# that you will be at will be a limited choice ... not the 
"whole world" .. just allow that smaller world ( ip# ranger of the
other isp ) than the whole big "everybody and anybody" 
> now been made aware of this i'll not be using internet cafes again!!!!


one usually worries after the fact :-)

and is always a convenience vs security ...

> i tend to use gpw or pwgen to create all passwords - so they shouldn't be
> too bad.

in which case, as you stated elsewhere, postits should be fine,
since all employee's and people in/near the pc should be trustable

> but running the password checkers has to be done as you say.

doesn't hurt when time is available .. always double check things when 
> i'm a programmer by training but finding that clients need reliable managed
> servers.  so i'm trying to do two jobs at the same time - set up and manage
> servers - and write code to pay the bills!

that's probably aplies to everybody :-)
> debian has really helped so far - my original server ran for 4 years before
> it was hacked - and that was with me installing loads of stuff and not
> really doing much RE security.

that's a damn good track history for 4yrs..
> hopefully i can be more proactive now and keep on top of the security issues
> better!!!

tough job to do.. ez to say .. :-0

have fun

Reply to: