Hello,
I have some questions that maybe someone could help
with.
I leased a new server, and redhat 6.2 was put as the
operating system. Shortly after that the machine was hacked. Apparently the
machine was a peach because the hackers used the server to launch DOS attacks
from. The high output hit 44MBS!
Well, the company did not explain how, or why it
happened. The programmer I work with suggested BSD. Of course I wanted
security!
Well, I told the Network admin that I wanted some
security because I thought the hackers would come back. He said, well, when we
put you on a 10 pipe, (of your 10-100) the attacks stopped, so I don't think
they will come back as they know they are detected.
Also, in 98% of the cases they just move
on.
Well I didn't really think this was all that well
thought out, and ripe for abuse, but what could I do? So I told them to leave
the 10mbs pipe on for a few days in case they come back.
Well guess what? They came back! Just a few hours
later, and attacked with the 10 mbs pipe. And it took way longer to detect! Of
course. At 44 mbs they detect it right away.
So, when is the network guy gonna do something
smart?
Well, they gave me some explanation that the server was
hacked at the xfs port. But later I was told that the ftp port on redhat 6.2 was
the vulnerability, so they actually were not sure? They did little to tell me
what to do either, other than to "Clean up".
We decided best was to start over rather than look for
back doors etc.
So this is when we had the network people install
Freebsd. And where my questions lie.
Well, they didn't put a smp in the kernel, it was a dual
processor. We fixed that, but the programmer I work with noticed that the files
were not right. We have (2) 9 gig hard drives, and one had 8.3 gigs of space in
/home. The other had 18 mb in / and
/var had 19 mb, /usr had 7.2 gigs
.....
So, we were told that this is a normal out of the box
configuration for Freebsd. Does that make sense?
I do not know.
But I need to know if my programmer is not really
understanding the files and how they are used in Freebsd, or if the Network guys
made a mistake, and are thinking we won't catch it.
Because...the network guys suggested we try (well at
first one guy agreed and said, yeah, those files and partitions don't look
right, I agree with your programmer) ...so he suggested that we do the
following:
/ 48 mb -- 18 free
/var --19 mb
/usr -- 7.2 gig
drive 2 /home 8.3

mv /usr/* /usr/usr
cp / /usr
cp /var /usr
reload boot software and edit /usr/etc (after copy) to make /usr /

Well, when our guy logged in and did that it shut his connection down. The
computer just kept looking for a getty file. So his copy probably messed with
the connection when the connection info was moved...or something I was told by
the network guys.
Well, I am not a program or a system guy. But I am
thinking that I, or we are not totally at fault with what happened here, and
should not have to pay for a re install.
So, could you comment and expand where possible on the
following, it would be appreciated, and we could then have an idea what to do as
well.
1).Does the network have any obligation to lock down a
server, before they hand it over? They have been hit by 10 such attacks since
mine and have changed the strategy to locking the systems down.
2).Does the file and partition system look ok for a 2
drive Freebsd install? We mainly want to use 1 hd and have one for back up of
the first.
3). Is the following a system that defeats the purpose
of Freebsd, or is not a good way to use it?
*Not from programmer
Tell them to set up the drives as follows:
___1 partition per drive___
drive 1 mount to /
drive 2 mount to /mnt/backup

Ok, well I guess I have confused you
enough.
Please forward any ideas you may have on
the subject.
Thanks
D Muller