Re: Another Fedora decision

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, February 2, 2015 5:34 pm, Always Learning wrote:
>
> On Mon, 2015-02-02 at 16:30 -0600, Valeri Galtsev wrote:
>
>> RedHat doesn't like poorly administered machined with RHEL linux get
>> hacked, then many voices saying saying in the internet: RHEL Linux is
>> not secure, RHEL Linux machines are getting hacked. Even though the
>> reason is not what it sounds like.
>
> What is the reason RHEL machines are being hacked ?
>

I assume, you may have your own list but once you asked I'll mention off
the top of my head what I've seen (no, these are not happened on machine I
administer - knocking on wood ):

1. machine compromised elsewhere, user password (via keylogger or
malicious ssh client) or secret key gets stolen; cyber criminal connects
to my server with credentials on my user

2. after he is in: elevation of privileges through some local exploit. As
I tend to have nothing to be exploited on multi-user machines (and run
them under assumption bad guy is already in), this normally doesn't happen
to me, but I help sometimes to sweep up mess and do forensics when that
happened to someone

3. Independent on the above: just blunder when you are doing
administration. I have seen admin helping a user (who was on the phone)
change his password. And he accidentally in

passwd username

stuck enter between the above two words (!). Which ended up in changing
root password on machine to very weak one he passed that person over the
phone. When that didn't work (good hint that that was not that user's
password that was changed!), he just changed it again. Then intruder just
walked as root through open door (that weak password was one of the top
four in cracker's dictionary).

4. Not updating the system, or having vulnerable services - I have seen
these as well

5. Weak root password should be on the list, but practically only the ones
on the top of password cracking dictionary are... Anyway, I do (or I like
to think that I do) have strong root passwords. Nevertheless, I always
have measures to thwart dictionary attacks from the network (as some of my
users may have weak passwords, not the ones on the top of dictionary
though I bet)

... This list goes on, someone can continue. Most of what I see (like the
list above) I would classify as poor system administration. The last has
nothing to do with how well RedHat puts together and patches their system.
So I can understand them being less than willing to have RHEL hacked due
to that. However, to think that you can force one to maintain his system
well is utopia. So, even though I understand their reasons, I am sceptical
they will find panacea.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux