On Fri, Aug 16, 2002 at 08:22:36AM -0500, Jim Crippen wrote:

> I'd start with the FTP or WWW logs. It's not hard to get hacked through
> your FTP server.
Boot off a CD first and don't run any software that is on the hard disk; that way you know any trojaned utilities are not messing with your ability to look around for clues.

And consider your machine a complete turncoat. For example, did you ever log in to another machine from the cracked one? Assume that password has been sent back to some bad guy. Did you ever type any password or other sensitive information on the cracked machine? The bad guy might have it.

I recently rebuilt a machine. I had no reason to believe that the old machine had been cracked, but I still treated it like it was diseased. I could copy data files off it, but I did not copy any executable (or source) files from it. I didn't log into the new machine from the old one. I didn't reuse passwords.

Once you have looked around to see what has been done, rebuild your machine carefully. Use original CDs. The Red Hat 7.2 and 7.3 default installations are pretty good, but look over what you have running and turn off things you don't need. For example, if you can live without telnetd, leave it off. (Use ssh.) If you can live without ftpd, leave it off too. (Use sftp, which works off of ssh.)

Finally, 7.2 and 7.3 *have* security holes! It wasn't so bad when each first came out (the holes were not yet known), but now many are known. Immediately get the updates from ftp://updates.redhat.com and install them. New holes will continue to be discovered, so check for updates very frequently. Consider using Red Hat's update service; it costs money but makes it all easier.

-kb

-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
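The "look over what you have running and turn off things you don't need" step, as an added example that is not part of the original post. On Red Hat 7.x, telnetd and ftpd are started by xinetd, and each has a file under /etc/xinetd.d with a `disable = yes|no` line. The script below scans such a directory, reports the services that are still enabled, and prints the `chkconfig <name> off` commands that would turn them off. The directory is a parameter and the sample tree (telnet, wu-ftpd, finger) is constructed inside the script, so it runs offline; to audit a real box you would point it at /etc/xinetd.d instead.

```shell
#!/bin/sh
# Added example, not from the original post: find xinetd services that are
# still enabled so they can be reviewed before a rebuilt box goes back online.
# Assumes Red Hat 7.x layout: one file per service under /etc/xinetd.d, each
# containing a "disable = yes|no" line inside the service block.

set -u

# Print the names of services under directory $1 whose config does not
# contain "disable = yes" (i.e. services xinetd would actually start).
enabled_xinetd_services() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # xinetd accepts arbitrary whitespace around "disable" and "=".
        if grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f"; then
            continue
        fi
        basename "$f"
    done
}

# Emit the chkconfig commands that would turn each enabled service off.
# chkconfig manages xinetd services by the file name under /etc/xinetd.d.
disable_commands() {
    enabled_xinetd_services "$1" | while read -r svc; do
        echo "chkconfig $svc off"
    done
}

# Constructed sample tree resembling /etc/xinetd.d on a default 7.x install:
# telnet and wu-ftpd left on, finger already disabled.
make_sample_tree() {
    dir=$1
    mkdir -p "$dir"
    printf 'service telnet\n{\n\tdisable\t= no\n\tsocket_type = stream\n}\n' > "$dir/telnet"
    printf 'service ftp\n{\n\tdisable = no\n\tserver = /usr/sbin/in.ftpd\n}\n' > "$dir/wu-ftpd"
    printf 'service finger\n{\n\tdisable = yes\n}\n' > "$dir/finger"
}

# Stand-alone usage against the constructed sample tree.
sample=${TMPDIR:-/tmp}/xinetd-audit.$$
make_sample_tree "$sample"
echo "xinetd services still enabled under $sample:"
enabled_xinetd_services "$sample"
echo "commands to turn them off:"
disable_commands "$sample"
rm -rf "$sample"
```

Run it from the rescue CD with the suspect disk mounted read-only and pass the mounted /etc/xinetd.d path, so the listing comes from the untrusted filesystem without executing anything on it.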