I'd say:
1) Subscribe to the redhat-announce-list
2) Use http://mindit.netmind.com to track any changes to both
a) http://www.redhat.com/support/errata/rh61-errata-security.html
b) http://www.redhat.com/support/errata/rh61-errata-bugfixes.html
That way you should be among the first ones to know about any fixes
published by RedHat, which in turn will keep you relatively up to date.
Then of course, you have to 'immediately' do the updates of your system.
Takes a lot of time? Well, ask those having been compromised what takes
more time. To keep up to date with the fixes or to re-install
afterwards?
IMVHO, it cannot get repeated too many times. Install a firewall. Do it!
Don't just think that "Yeah, I probably should". Do it!
There are commercial firewalls for those seeking the ultimate. Still, my
personal experiences with the free ipchains firewall are nothing but
positive. I know that it can, is and will be even more improved. But as
long as you want to run free software, ipchains is the answer.
So do it! Even if you connect to an ISP via dial up as little as an hour
a week. If you're unlucky, the pimple guys will need no more than a few
minutes and your system is totally compromised. As some have noticed,
it's not even evident that the system is broken.
And, my personal advice: When installing a firewall, if ever possible,
start by DENY'ing *everything*. Your own, legitimate, traffic will
brake. Then allow, piece by piece, what needs to work by carefully
allowing those packages going through the firewall. And one thing more.
Log everything DENY'ed. You do want to see what's DENY'ed.
Take it one step further. Install portsentry. That way you will be
warned of most port scan attacks. Port scans are the front troops,
recognizing the terrain before the heavy artillery comes in. You'd like
to know that something is coming. Besides, portsentry will update your
hosts.deny to explicitly deny those IP addresses scanning your box for
open ports.
Just my little coin (choose currency as appropriate) to the debate.
Best regards
Gustav
P.S. I sincerely feel with the guys having been 'violated'. And I hope
it won't happen to me.
Jason Hirsch wrote:
>
> Actually-
>
> Altavista.comt - ADMROCKS- no hits.
> Lycos.com - ADMROCKS- no hits.
> excite.com - ADMROCKS- no hits.
>
> I think you get the point-
> Redhat.com, linuxgazette.com- no hits.
>
> Not exactly alot of fun if I want to actually attack my own box to see if
> i'm proof....
>
> I like it when I buy MS products. I get a brand new CD with the latest
> fixes. Run it once, it's up. (i've been thru this before). People ask
> here, they get insulted and told they 'should have known' what to do.
> Bit rough when you don't know. Sorry for the opinion.
>
> Jason
>
> ----------
> Jason Hirsch, ChemEng/Chemistry
> Make it myself? But I'm a physical organic chemist!
> Visit the Dorm Room Life may never
> http://icdweb.cc.purdue.edu/~hirsch Give us another
> [EMAIL PROTECTED] Chance to do right.
>
> On Wed, 1 Mar 2000, Brian wrote:
>
> > On Wed, 1 Mar 2000, Ed Lazor wrote:
> >
> > >
> > > Through this process, a few things have come to mind. Is there someplace
> > > I could have gone to do a search on ADMROCKS to discover this hack? Also,
> > > does RedHat have a mailing list that announces when updates are released
> > > to fix problems like this?
> >
> > you could have searched at just about any search engine (lycos, excite,
> > google, altavista, etc, etc) and turned up information on this hack and
> > just about anything else for that matter.
> >
> > deja.com is good as well.
> >
> > >
> > > -Ed
> > >
> > >
> > > --
> > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > as the Subject.
> > >
> >
> > -----------------------------------------------------
> > Brian Feeny (BF304) [EMAIL PROTECTED]
> > 318-222-2638 x 109 http://www.shreve.net/~signal
> > Network Administrator ShreveNet Inc. (ASN 11881)
> >
> >
> > --
> > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > as the Subject.
> >
> >
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
pgp = Pretty Good Privacy.
To get my public pgp key, send an e-mail to: [EMAIL PROTECTED]
Visit my web site at http://www.schaffter.com
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
