On Thu, May 02, 2002 at 02:33:32PM -0400, Jianping Zhu wrote:
> I have a linux machine (with redhat 7.2 os and name is chambleea) running,
> but today the university system administrator sent me email in which he
> told me that somebody outside the campus complained that my linux machine
> was trying to attack his machine. But I did not do it, and I do not know
> how to do it.
> Can somebody give me some hints how can I figure out what is going on.
> (My linux box has to be disconnected from the network now!!!)

First question: Have you been applying all the security updates that Red Hat has been releasing? If not, then you probably have been hacked. It's no different than running Windows as a server - out of the box these days, they're very vulnerable to being hacked - the hackers have tools that easily exploit known holes, and you were probably probed within an hour of you coming on the network.

If you were not applying updates and the administrator can tell you what kind of hacks were done (in other words, he needs to convince you somehow that he's sure it's you), then you need to do a fresh install, immediately apply all the security updates - BEFORE you even start xinetd - and then work on closing down ports you don't need. Don't even install a telnet or ftp server - use ssh/sftp for everything so at least your password is encrypted. Make *really* sure you edit sshd.conf and disable root logins and only allow ssh v2.

Do not let any time pass before you run rhn_register and configure up2date. Make sure you get regular e-mail updates for security announcements and run up2date regularly to apply them.

Don't feel bad - you're not the first person to be hacked, and you won't be the last. Just learn from your mistakes and tighten your new install down so it doesn't happen again.

-- 
Ed Wilts, Mounds View, MN, USA
mailto:[EMAIL PROTECTED]

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
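
The two sshd settings the reply asks for (no root logins, SSH v2 only) can be checked mechanically after a reinstall. The script below is an added example, not part of the original message; it assumes the OpenSSH server configuration file (typically /etc/ssh/sshd_config) with its `PermitRootLogin` and `Protocol` keywords, and the sample files it audits are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): audit an sshd_config-style
# file for the two settings the reply names.

# Print the effective global value of keyword $2 in file $1.
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively; we stop at the first Match block (global scope only).
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*(#|$)/              { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Return 0 only if root logins are disabled and only SSH v2 is allowed.
audit_sshd_config() {
    rc=0
    root=$(sshd_value "$1" PermitRootLogin)
    proto=$(sshd_value "$1" Protocol)
    case "$root" in
        no) echo "OK   PermitRootLogin no" ;;
        "") echo "WARN PermitRootLogin unset (default varies by version)"; rc=1 ;;
        *)  echo "FAIL PermitRootLogin $root"; rc=1 ;;
    esac
    # Protocol only matters on OpenSSH releases that still support SSH v1.
    case "$proto" in
        2)  echo "OK   Protocol 2" ;;
        "") echo "WARN Protocol unset (old defaults also accept v1)"; rc=1 ;;
        *)  echo "FAIL Protocol $proto"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: a weak config and a hardened one.
tmp=$(mktemp -d)
printf '%s\n' '#PermitRootLogin no' 'Protocol 2,1' 'PermitRootLogin yes' \
    'permitrootlogin no' > "$tmp/weak"
printf '%s\n' '# hardened' 'Protocol 2' 'PermitRootLogin no' > "$tmp/hardened"

echo "== weak ==";     audit_sshd_config "$tmp/weak" || true
echo "== hardened =="; audit_sshd_config "$tmp/hardened" || true
```

In the weak sample the commented-out `PermitRootLogin no` and the later lowercase `permitrootlogin no` have no effect, because the first uncommented value wins.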