Hi,

I installed potato three weeks ago, only adding Debian packages with dselect and apt-get. I didn't add much either. The problem was that:

1) I noticed that somebody had logged in to my computer using my username. I can't see how they could have discovered my password (7 letters, containing both lower/upper case and numbers). According to "last" the person was only in for 3 minutes, but I don't know what will show in last and what will not, so he might have been there longer and more often for all I know. I have never sent this password in clear text. (Like e-mail, ftp, etc.) (He logged in as a regular user, not root.)

2) When inspecting /var/log/messages I noticed quite a lot of attempts to send a buffer overflow (or something like that) on the port running rpc.statd. Is there some security hole there I am not aware of? I have removed portmap from init.d to make sure it is not started again. Are there some other services I should be aware of?

3) I couldn't find any "obvious" back-doors, but that doesn't necessarily mean that there were none, so to be on the safe side, I re-installed Linux, and am now using SSH2.4 from www.ssh.com. Hopefully I won't have to do this again. :-)

I am definitely going to install some sort of firewall, are there any recommendations? ipchaining is not supported in my kernel as of now, so I will compile a new kernel when I get the time. But, is there any documentation available discussing recommendations regarding security? (I am not paranoid, but would like it to be as hard as possible to get unauthorized access to my computer.)

Regards,
Runar

