|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Hacked linux server
|
On 15/01/02 17:38 -0500, Mike Pflugfelder wrote:
>
> First, how can I go about finding the hole that led me to this problem in
> the first place. I suspect that it was either bind or ssh that did me in,
> but I'm not sure, and would really like to know.
Give me a call and I can try to help you.
>
> Next, what steps should I take to prevent this from happening again.
A couple of things should help...Tripwire, psad, portsentry, Logwatch...etc
Some Good books: Maximum Linux Security and Hacking Exposed (for Linux)
Some Good sites: http://www.bastille-linux.org
http://www.linuxnewbie.org/nhf/intel/security/securehome.html
http://taz.cs.wcupa.edu/~quincy/security.html
Some Lists : bugtraq and focus-linux @ securityfocus.com
And last but not least *vigilance*. Even with all the tools out there you
need to constantly monitor your system.
Good luck,
Jon
>
>
>
> -Mike Pflugfelder
--
*************NOTE NEW NEW ALT. EMAIL!!!!******************
Trooper Jon S. NELSON, Linux Certified Admin. (Sair/GNU)
Pennsylvania State Police
Computer Crimes Unit
Office: 610-344-4471
Page: 866-284-1603 (Toll Free)
Nextel: 610-637-0707 (Private ID 8777)
Alt. email: jonelson@state.pa.us <------------------------
__()___
/ | \
_____/___|_____\______
/ __ (-) __ \
/__/ \____________/ \__\
\__/ \__/
...it's a police car.
______________________________________________________________________
Philadelphia Linux Users Group - http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion - http://lists.phillylinux.org/mail/listinfo/plug
|
|