Re: crack traces in /var ?
Jesse Meyer wrote:
On Fri, 25 Jul 2003, Andreas von Heydwolff wrote:
[ Snip most details of computer setup and getting cracked ]
When you install a system, unless its absolutely necessary, install it
from behind a firewall.
Then, before you set up any sort of firewall on the machine, start
disabling ports - most servers can be configured to listen to only
the local loopback device or the internal network. Even without a
firewall, your system should be secure. (Hint: 'listen', 'bind',
'allow from', 'interface', etc in config files to limit what device
the server listens to, and xinetd to limit those services that
traditionally start from inetd.)
I was a bit sloppy on this - my previous install was better in that respect.
Your goal is to be able to scan your machine (via nmap), and find
no unnecessary service listening to the outside interface.
IS running nessus from within aimed at eth0 with the outside IP address
equivalent? This is what I did earlier.
Then, build up your firewall scripts.
Connect to the internet and do all the security updates.
A secured Woody as the firewall box should make it viable to run SID
inside the network again, wouldn't it?
Finally, use a security scanner from outside your machine ( I
believe that http://www.grc.com has one [about the only thing
the site's good for, IMHO]).
grc.com is a good start.
http://check.lfd.niedersachsen.de/start.php is more comprehensive,
provided by the Data Protection Registrar of the federal state of
Niedersachsen in Germany.
(For those who want to use it: The first button is to confirm that the
displayed IP address is indeed yours, the second button starts the test.
Page two displays three buttons in the top row "start self-test", "stop
..." and "... WITHOUT ("ohne") SSL" and you can select only a phase 1, 2
or 3 with the buttons beneath.)
BTW, "TIP", the ZIP cartridge testing program from grc.com is excellent.
It checks and if necessary disables flakey sectors on ZIP disks, moving
data to the 10% spare sectors provided on disks for this purpose by
Iomega. Needs to be run from Windows though.
You don't want your security system to consist solely of your
firewall - firewalls are supposed to supplement your defense!
Just my $.02
~ Jesse Meyer