Re: Security basics


 



> Jonathan.
>
> ps. You did erase and reinstall your system after it was compromised, right?
>

This is certainly prudent advice.  A good hacker will quickly get a
few back doors installed in case you shut down their initial point of
access (SSH).  They may have created their own user account as well.
You should check the following (and more no doubt), especially if you
are considering not wiping and re-installing a fresh system to ensure
it is clean.  At least this will allow you to exercise some due
diligence.

And you should do these checks from a bootable CD as well as some from
the actual booted OS if necessary.

Examine the .bash_history file for your user and root.  See if the
person tried to su to root from your username.

What other commands did they execute (cp, scp, ftp, wget, useradd,
chmod, chown, path, and many other commands should be cause for
alarm).

Check the /var/secure file for failures and successes in su'ing to
root as well as ssh to root.

Check your path (can't just use the echo $PATH command from a bootable CD).

Check for aliases.

A hacker who cannot compromise the root account can still substitute
some of your favorite commands with hacked commands and then modify
your path or set up an alias so that their command gets executed
before the real one.

Check the .bashrc file for anything suspicious.

Examine your /etc/passwd file for any new user accounts.

Check iptables, /etc/hosts.allow and /etc/hosts.deny.


Some of the members on the list will no doubt suggest other things to check.

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
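
Several of the checks listed in the message above (history files, PATH and alias changes, new accounts), run against a root filesystem mounted from rescue media. This is an added example, not part of the original post; the mount point /mnt/sysroot, the script and function names, and the extra start-up files .bash_profile and .profile are assumptions.

```shell
#!/bin/sh
# Offline triage of a suspect root filesystem, run from a bootable CD.
# Assumption: the suspect disk is mounted read-only, e.g. at /mnt/sysroot.
# Usage: sh triage.sh /mnt/sysroot   (script name is hypothetical)

# Print root's home and every directory under /home on the mounted root.
home_dirs() {
    for d in "$1/root" "$1"/home/*; do
        [ -d "$d" ] && printf '%s\n' "$d"
    done
    return 0
}

# History lines that begin with one of the commands named in the post.
suspicious_history() {
    home_dirs "$1" | while IFS= read -r h; do
        [ -f "$h/.bash_history" ] || continue
        grep -HnE '^[[:space:]]*(su|cp|scp|ftp|wget|useradd|chmod|chown)([[:space:]]|$)' \
            "$h/.bash_history" || true
    done
}

# PATH assignments and alias definitions in shell start-up files. They are
# read as text because $PATH on the rescue system is not the victim's PATH.
path_and_alias_lines() {
    home_dirs "$1" | while IFS= read -r h; do
        for f in .bashrc .bash_profile .profile; do
            [ -f "$h/$f" ] || continue
            grep -HnE '(^|[[:space:];])(alias[[:space:]]|(export[[:space:]]+)?PATH=)' \
                "$h/$f" || true
        done
    done
}

# Accounts to review by hand: UID 0 other than root, or any login shell.
review_accounts() {
    awk -F: '
        $3 == 0 && $1 != "root" { print "UID0 " $1; next }
        $7 !~ /(nologin|false|sync|shutdown|halt)$/ { print "SHELL " $1 " uid=" $3 " " $7 }
    ' "$1/etc/passwd"
}

audit() {
    echo "== history ==";    suspicious_history "$1"
    echo "== PATH/alias =="; path_and_alias_lines "$1"
    echo "== accounts ==";   review_accounts "$1"
}

if [ "$#" -gt 0 ]; then audit "$1"; fi
```

Every line printed is a lead for manual review, not a verdict; an attacker with write access can also have edited or emptied the history files.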