|
All,
I have installed a redhat 7.2 box in a local school
system. Its functions include:
Servers:
FTP
HTTP
SSH
DHCP
DNS
Email
I have discovered someone created a user account
with the home dir of /var/.bash2
they granted themselves group member of a pricipal.
i noticed three files in their home dir of what appears to be a root exploit
called dr. dolittle. i have not heard of this exploit. anyhow, i disabled the
account.
i was curious as to how to prevent this from the
future. i suspect it is a student causing this. i am wondering if i can disable
the shell access to all except a select few. will this cause problems with email
services, etc?
will this prevent users from getting to a shell to
run these exploits?
any help would be greatly
appreciated.....
thanks
daniel kuecker
|
- Re: [sclug-general] security Daniel Kuecker
- Re: [sclug-general] security dax wood
- Re: [sclug-general] security Daniel Kuecker
- Re: [sclug-general] security dax wood
- Re: [sclug-general] security Daniel Kuecker
- Re: [sclug-general] security Brion Hase
- Re: [sclug-general] security Daniel Kuecker
- Re: [sclug-general] security Brion Hase
- Re: [sclug-general] security Daniel Kuecker
- RE: [sclug-general] security Jeromey Hannel
- Re: [sclug-general] security Mike Schieuer
