On Thu, 2003-08-14 at 10:36, Derek Smithies wrote:
> I want to reduce the chance of this happening to my linux box.
> I want to use my linux box to write code, which benefits opensource.
> I am not interested in spending days doing sysadmin work.
> What packages are there that reliably work to stop this hacking - reliably ?????

Well, once an unauthorised executable hits your system, it's difficult to protect yourself. Some of the current rootkits are very interesting, (see www.phrack.org for some discussion) and difficult to eradicate, as we've seen by this email.

Just because Linux boxes don't often get hit doesn't mean it doesn't happen - when they do get hit, they can get hit very hard indeed.

For a non-production server, it isn't difficult to wipe and re-install, except that most people have forgotten which packages of interesting things they've installed are depended upon!

So, use the firewall on the box and outside the box to allow *only* things that you require. As a minimum, keep up with security patches for network-facing programs. Decent package management helps here, good patches come out quickly and automatically if you trust the package originators :-)

For production boxes, you have to spend more time - *know* what should be installed, use something like tripwire to checksum *everything*, and have a re-installation plan. Standby servers are a luxury ...

-jim
... who admits to not always practising what he preaches, but won't admit precisely which bits ...
