On 27/06/12 19:18, Seth Vidal wrote:
>
> On Wed, 27 Jun 2012, Dov-el wrote:
>
>> Someone has broken into my Fedora 13 machine. Aside from closing
>> unused ports on the firewall and router and disabling unused services,
>> what should I be doing to harden my set up? Tripwire? AIDE?
>> What else? Thanks in advance!
>
> You should stop running out of date releases like Fedora 13. Shut your
> system down and reinstall from scratch.
>
> -sv
>
> --
> security mailing list
> security@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/security

Also, this is the wrong list to seek support for such an issue from.

Further, Seth is right: make a backup, reinstall, analyse backup. Do NOT reuse data from backup, especially web code specific data. This includes databases. Everything on the machine should be deemed compromised.

File a law enforcement notice in your country to protect yourself from abuse claims, and remove the machine from the network. Keep the hard drive untouched in case of forensic analysis (this should be a preferred method over a reinstall on the same hard drive) that your law enforcement department might want to undertake. Any tainted evidence is useless evidence.

Also note that, at least in the UK, you are responsible for a safe operation of your system; running a Fedora 13 release, which ended support over a year ago, is hardly fulfilling the requirement.

Maybe you should consider using Red Hat Enterprise or, if it must be and you do not need support, CentOS. Otherwise, make sure you maintain your Fedora release in production. This takes a considerable effort and is not for everyone. I run multiple Fedora systems in production and they require constant maintenance.

Regards,

Tristan

--
Tristan Santore BSc MBCS
TS4523-RIPE
Network and Infrastructure Operations
InterNexusConnect
Mobile +44-78-55069812
Tristan.Santore@xxxxxxxxxxxxxxxxxxxxx

Former Thawte Notary
(Please note: Thawte has closed its WoT programme down, and I am
therefore no longer able to accredit trust)

For Fedora related issues, please email me at:
TSantore@xxxxxxxxxxxxxxxxx