Re: pop3 attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Tue, Dec 09, 2008, Chris Boyd wrote:
>
>On Dec 9, 2008, at 2:33 PM, Bill Campbell wrote:
>
>> Once the cracker finds an account with a guessable password, they  
>> may well
>> be able to get access to your system as that user via ssh, webmin,  
>> usermin,
>> or other means.  Given shell access, the cracker can install user- 
>> level IRC
>> servers or gain root access via exploits that only work for local  
>> users.  I
>> have seen cases where crackers were able to change user shells and  
>> other
>> information via usermin or webmin by exploiting vulnerabilities in  
>> system
>> utilities thus gaining access to the system.
>
>You can keep compromised accounts from logging in via ssh with the  
>"AllowUsers" option in your /etc/ssh/sshd_config file.  Add that  
>option followed by a list of user names that you want to be able to  
>log in, ex:

By the time you know the user has been compromised, it's too late.

We normally don't allow password authentication with ssh,
requiring authorized_keys.  In the cases where we have to allow
password authentication, we severely restrict ssh acces using the
/etc/hosts.allow file.

Bill
-- 
INTERNET:   bill@xxxxxxxxxxxxx  Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/  PO Box 820; 6641 E. Mercer Way
Voice:          (206) 236-1676  Mercer Island, WA 98040-0820
Fax:            (206) 232-9186

Basic Definitions of Science:
    If it's green or wiggles, it's biology.
    If it stinks, it's chemistry.
    If it doesn't work, it's physics.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux