l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
January 6: Social gathering
Next Installfest:
TBD
Latest News:
Nov. 18: Club officer elections
Page last updated:
2005 Feb 16 09:48

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] lugod.org cracked?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] lugod.org cracked?



Quoting ME (dugan@passwall.com):

> You will want to down the box and run some integrity checking scripts to
> verify the applications installed are from the packages you have
> installed.

Rod is certainly qualified to choose his own poison, but this is what I
did:

o  Bring down system.  Secure best copy of data files and reference 
   snapshot of /etc.  Double-check that inventories of installed packages, 
   installed-package versions, and "fdisk -l /dev/sd?" output are
   correct and useful.
o  Blow away contents of all hard drives.
o  Recreate minimal system using trusted installation media.  Study
   and adjust security policy.
o  Build up installed packages, as desired.
o  Adjust /etc/passwd, /etc/group, /etc/shadow, /etc/gshadow to add
   back users, but with their access disabled.
o  Copy back user data, except without dotfiles or ~/bin contents.
o  Copy back system data files (e.g., /var/www, /var/mail, /var/news).
o  Recreate system services, with visual reference to prior /etc
   contents, but without reusing any of those files.  (Like all prior
   libs and executables, they are presumed compromised and cannot be
   trusted.)  Regenerate SSH host keys.
o  Re-enable user access, and arrange for their new access without
   honouring any prior security tokens, via out-of-band communication.

I would not recommend to anyone, at any time, that a root-compromised
system merely be "checked" and left running without a rebuild as above.  
That is nothing like a suitable or adequate remedy, in my view.

> Is lugod.org running an file integrity checker?

Some of my thoughts, on that:
http://linuxgazette.net/issue98/moen.html

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!