Well, I did do a reinstall today, and got the patches from Redhat for the
wuftd and a few more things lying around on my machine. I have still
decided to keep with Redhat and have not yet checked Bastille linux out.
It looks better since.. the only logs are mine. Thanks to you all on the
helop and guidance, and I will keep you posted if anymore of such
occurances arise.
-Karthik.
On Sat, 8 Jul 2000, Christoph Hammann wrote:
> what you propose is, as usual, all correct, and if you really know what
> you're doing you can even make a sysstem safe in this way
> _while_it's_running_. But Karthik said that he has little experience using
> Linux, and truth be told, you need a lot of experience to do that right.
> If you read down the thread, you'll see that I explicitly warned
> against a
> simple reinstall. Sure, Icould have been more verbose concerning the means
> to make his computer safer, but I hadn't the time for epic e-mails
> yesterday (I work for a living at that local time) and found it most
> important that he gets the machine off the net and examines the damage
> done. The attacker in his case seems to have used one of the many
> vulnerabilities of a FTP server (ProFTP and wuFTP have both been shown to
> present root exploits to the world during the last few days). I proposed
> OpenBSD as an alternative because there, the ports you mentioned are
> _closed_ by default after a vanilla install. Not very user-friendly, but
> safer. Someone proposed reinstalling to wipe out all the damage the
> attacker has done (otherwise, would you ever be sure you got _every_
> patched executable?) and hardening the new RedHat install with Bastille
> Linux. I think this is a good idea. Bye, Christoph
>
-------------------------------------
The universe is like a safe to which there is a combination -- but the
combination is locked up in the safe.
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
