If you can determine that the machine has not been hacked, then you could bring up the security holes you found to the big-wigs in the following way.

The decision to use Linux was a very good one. Machine X was configured in a way that left it vulnerable to being compromised. However, because it is a Linux box and not a Windows box it has not been compromised so far. The techniques for compromising a Linux server are more complex than those used to compromise a Windows server. Since the tools for securing a Linux server are much more robust than those used to secure a Windows server it will be virtually impossible to compromise the company's network through this server once it has been properly configured.

A little spin can go a long way. :)

Mike

-----Original Message-----
From: Marc Hughes [mailto:hughesm@tomsnyder.com]
Sent: Friday, October 05, 2001 1:53 PM
To: wlug@mail.wlug.org
Subject: RE: [Wlug] Vunerable Machine


On Fri, 2001-10-05 at 13:40, Keller, Tim wrote:
> step 1: Change the root password

Done

> step 2: Remove all those "holy" services

Done

> step 3: Install SSH

Still have to do ... getting weird library conflicts

> step 4: Firewall the machine so that it only accepts SMTP traffic from the
> outside world and SSH traffic from a couple of specific addresses

TODO

> step 5: Use a tool like tripwire to make a snapshot, wait a week, rerun it
> again and see if anything changes.
>

Good, but still, how do I tell if it's already been rooted by 3l33t
h4x0rs?  And I guess an even bigger concern is the office politics
things.  How do I bring this to the big-wigs in a "good" light?
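
Step 5 in the quoted list (snapshot, wait, rerun, compare), written out as an added shell example that is not part of the original thread and is not Tripwire itself. It assumes GNU find, sort, xargs, sha256sum and awk; the function names `snapshot` and `compare` are made up for this sketch. A baseline taken on a host that is already compromised only shows changes made after the snapshot.

```shell
#!/bin/sh
# Added example: minimal file-integrity baseline (hypothetical helper names).

# snapshot DIR OUT: write "sha256  ./relative/path" for every regular file
# under DIR to OUT. Keep OUT outside DIR, ideally off the machine or on
# read-only media, so an intruder cannot rewrite the baseline.
snapshot() {
    dir=$1 out=$2
    ( cd "$dir" && find . -xdev -type f -print0 \
        | LC_ALL=C sort -z | xargs -0 -r sha256sum ) > "$out"
}

# compare OLD NEW: print one line per difference between two snapshots,
# as "ADDED path", "CHANGED path" or "REMOVED path". No output means no change.
compare() {
    awk -v oldfile="$1" '
        BEGIN {
            # Load the baseline first; this also works when it is empty.
            while ((getline line < oldfile) > 0) {
                i = index(line, " ")            # sha256sum: hash, 2-char separator, path
                old[substr(line, i + 2)] = substr(line, 1, i - 1)
            }
            close(oldfile)
        }
        {
            i = index($0, " ")
            path = substr($0, i + 2); hash = substr($0, 1, i - 1)
            seen[path] = 1
            if (!(path in old))         print "ADDED " path
            else if (old[path] != hash) print "CHANGED " path
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$2" | LC_ALL=C sort
}

# Typical use (paths are examples only):
#   snapshot /etc /mnt/floppy/etc.base      # today
#   snapshot /etc /tmp/etc.now              # a week later
#   compare /mnt/floppy/etc.base /tmp/etc.now
```

This compares file contents only; permissions and ownership changes (for example a new setuid bit) are not recorded by this sketch.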


