"Nigel Henry" <cave.dnb2m9...@aliceadsl.fr> wrote:

> How do rootkits get installed on your machine? ... Would you have to
> have an Internet accessible webserver, or ssh server available?
> Would it be by having a cavalier attitude ... I would have thought
> that you'd have to do something a bit foolish like running the
> machine as root ... but I may well be wrong.

I'd say that rootkits can happen to anyone, with the possible exception of serious security mavens who devote a lot of time and energy to locking down the box.

I have had three boxes 'kitted over the years. Two were running older versions of Fedora, one was an early Red Hat. All were standard installs with basic LAMP stacks added. All had been lightly hardened (unneeded services shut down, ssh locked down, etc.).

The lesson that I take from this is that some and perhaps all Linux distros 'out of the box' contain security vulnerabilities that allow them to be owned by a savvy attacker (I had a FreeBSD box that ran for more than three years without ever being compromised, but that had been expertly locked down by someone else). Each of the boxes was _more_ secure than the standard install, but both ended up being owned. The FC6 box was compromised within a couple of weeks of being set up, while the FC7 box held out for about a year.

I was not able to identify the means that the attackers used to drop a rootkit on the boxes, but I'm pretty confident that it wasn't because I did any of the bone-headed things that you describe. My guess is that the exploits used a known vulnerability in either the distro or in some of the very standard and widely-used software (Apache, MySQL, PHP) that had been added. Incidentally, in the case of the Fedora compromises, rkhunter was installed and successfully detected the intrusion.

The experts on this list will correct me if I'm wrong, but my take on this is that compromises needn't be due to sloppiness on the part of the administrator. It's simply that standard installs are not inherently secure. If you want to stay secure on the Internet, you need to go the extra mile and devote serious time and energy to locking the box down.
Angus

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
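Angus's point that rkhunter caught the intrusion rests on the kind of check such tools perform: record file contents and properties while the box is known-good, then compare later. The script below is an added illustration of that baseline-and-compare idea written for this thread; it is not rkhunter's own code, and the directory layout, sample files and simulated tampering in `demo()` are constructed for the example.

```python
"""Baseline-and-compare file integrity check, in the spirit of the file
property checks that rootkit hunters perform. Added example for this
thread, not rkhunter's code; the files used in demo() are constructed."""
import hashlib
import os
import stat
import tempfile
from typing import Dict, List, Tuple

# One record per file: sha256 of contents, permission bits, owner uid, group gid
Record = Tuple[str, int, int, int]


def fingerprint(path: str) -> Record:
    """Hash the file contents and capture the ownership and permission bits,
    since a replaced system binary usually changes at least one of these."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    st = os.lstat(path)
    return (h.hexdigest(), stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)


def build_baseline(root: str) -> Dict[str, Record]:
    """Walk a tree and fingerprint every regular file, keyed by relative path.
    Symlinks are skipped so a planted link cannot stand in for its target."""
    baseline: Dict[str, Record] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                continue
            baseline[os.path.relpath(p, root)] = fingerprint(p)
    return baseline


def compare(baseline: Dict[str, Record], current: Dict[str, Record]) -> Dict[str, List[str]]:
    """Classify every difference between the stored baseline and the live tree."""
    report: Dict[str, List[str]] = {"modified": [], "added": [], "removed": []}
    for rel, rec in baseline.items():
        if rel not in current:
            report["removed"].append(rel)
        elif current[rel] != rec:
            report["modified"].append(rel)
    for rel in current:
        if rel not in baseline:
            report["added"].append(rel)
    for kind in report:
        report[kind].sort()
    return report


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a small tree, then simulate a replaced
    binary, a dropped file and a deleted log, and report what changed."""
    root = tempfile.mkdtemp(prefix="integrity-demo-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "log"))
    with open(os.path.join(root, "bin", "ls"), "wb") as f:
        f.write(b"original ls binary\n")        # constructed stand-in for /bin/ls
    with open(os.path.join(root, "log", "auth.log"), "wb") as f:
        f.write(b"sshd: accepted publickey\n")  # constructed log line
    baseline = build_baseline(root)

    # Simulated tampering after the baseline was taken
    with open(os.path.join(root, "bin", "ls"), "wb") as f:
        f.write(b"replaced ls binary\n")
    with open(os.path.join(root, "bin", "dropper"), "wb") as f:
        f.write(b"new file\n")
    os.remove(os.path.join(root, "log", "auth.log"))

    return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind}: {p}")
```

Two practical notes. The baseline must be stored somewhere the host cannot rewrite (read-only media or another machine), or an intruder who gains root simply regenerates it. And a kernel-level rootkit can lie to every userland read, so a clean result from an on-host check is evidence, not proof; the stronger check is the same comparison run against the disk from trusted boot media.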