If you can determine that the machine has not been hacked, then you could bring up the security holes you found to the big-wigs in the following way.

The decision to use Linux was a very good one. Machine X was configured in a way that left it vulnerable to being compromised. However, because it is a Linux box and not a Windows box, it has not been compromised so far. The techniques for compromising a Linux server are more complex than those used to compromise a Windows server. Since the tools for securing a Linux server are much more robust than those used to secure a Windows server, it will be virtually impossible to compromise the company's network through this server once it has been properly configured.

A little spin can go a long way. :)

Mike

-----Original Message-----
From: Marc Hughes [mailto:hughesm@tomsnyder.com]
Sent: Friday, October 05, 2001 1:53 PM
To: wlug@mail.wlug.org
Subject: RE: [Wlug] Vunerable Machine

On Fri, 2001-10-05 at 13:40, Keller, Tim wrote:
step 1: Change the root password
Done
step 2: Remove all those "holy" services
Done
step 3: Install SSH
Still have to do ... getting weird library conflicts
step 4: Firewall the machine so that it only accepts SMTP traffic from the outside world and SSH traffic from a couple of specific addresses
TODO
step 5: Use a tool like tripwire to make a snapshot, wait a week, rerun it again and see if anything changes.
Good, but still, how do I tell if it's already been rooted by 3l33t h4x0rs? And I guess an even bigger concern is the office politics things. How do I bring this to the big-wigs in a "good" light?

_______________________________________________
Wlug mailing list
Wlug@mail.wlug.org
http://mail.wlug.org/mailman/listinfo/wlug
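
The snapshot-and-compare idea from step 5, sketched as an added example that is not part of the original thread and is not Tripwire itself: it records SHA-256 hashes of every file under a directory and reports what was added, changed or removed since the baseline. The function names and the constructed `tree` directory are assumptions for illustration; a comparison like this only detects change after the baseline and cannot show whether the machine was already compromised when the baseline was taken.

```sh
#!/bin/sh
# Added example, not from the thread: hash baseline and comparison (step 5).
# Assumes sha256sum (GNU coreutils), find, sort and awk are available.

# snapshot DIR OUT: write "hash  path" for every regular file under DIR.
# Keep OUT outside DIR, ideally on read-only or offline media.
snapshot() {
    find "$1" -type f -exec sha256sum {} + | sort -k 2 > "$2"
}

# compare_snapshots OLD NEW: print ADDED / CHANGED / REMOVED paths, sorted.
compare_snapshots() {
    awk '
        { path = substr($0, 67) }   # 64 hex digits, then 2 separator chars
        FILENAME == ARGV[1] { old[path] = $1 ""; next }   # "" forces a string
        !(path in old)      { print "ADDED   " path; next }
        old[path] != $1     { print "CHANGED " path }
                            { delete old[path] }
        END { for (p in old) print "REMOVED " p }
    ' "$1" "$2" | sort
}

# demo: constructed directory standing in for a system binary directory.
demo() (
    work=$(mktemp -d) || exit 1
    cd "$work" || exit 1
    mkdir tree
    echo 'daemon v1'  > tree/sendmail
    echo 'login v1'   > tree/login
    echo 'old helper' > tree/helper
    snapshot tree baseline.txt
    echo 'login v1 patched' > tree/login    # modified after the baseline
    rm tree/helper                          # removed after the baseline
    echo 'new file' > tree/.hidden          # added after the baseline
    snapshot tree current.txt
    report=$(compare_snapshots baseline.txt current.txt)
    cd / && rm -rf "$work"
    printf '%s\n' "$report"
)

demo
```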