And don't forget: While Interviewing Tor^Hny Blair, after a spiel of five minutes of crap about how such a thing was happening and improving he calmly replied...
"Excuse my Denseness PM, but was that a yes or a no?"
If I remember correctly it was hacked thru ssh, but only when sshd had been compiled with kerberos support. There was loadsa confusion over it all, with IBM (I Blame Microsoft) pre-emptively releasing an advisory before the full facts were known. I think it was only the 1.2.x proggies that were affected, but don't hold me to it.
Not only those: imagine the following _extremely_ real life scenario: There's a sniffer running an machine a. b is a production machine. 1) Bob log's in remotely as root, the sniffer captures the first 512 bytes and lo and behold, knows he can log in as r00t and also has the passwd. 2)Jef logs in as jef. Checks his mail, and the su's to root. The sniffer only captured his original passwd, and not the rewt account. Sure, he can get access, but getting r00t privs is a little harder for the attacker.
inetd spawns services as defined in/etc/inetd.conf, so if you have something like imap in it, then when inetd hears a connection on 143 it will run the associated service, eg it will run imap. Most web servers (high load at any rate) run as standalone daemon. If it's just a webby box, then you probably don't need inetd (apart from running telnetd if you are st00pid and don't like the idea of ssh.)
1st up, decide what the machine is going to do. Is it juts gonna be a web server? kill inetd and ensure it never runs again. Is it going to be used as a NFS server? kill all NFS daemons (rpc.* is usually a good start..) Is it going to shift mail about? Kill sendmail.
Everytime you think you have killed something portscan your computer. You'd be amazed at how some stuff just keeps on appearing from nowhere...
Seriously, linux is pretty bad outta the box. Try OpenBSD or NetBSD for security, I'm not overly familiar with FreeBSD but I assume that's OK too. The only reason I'm saying this is that you NEVER need everything Linux distro's supply with a full install. There's 1024 priviledged ports on a machine, and linux seems to want to open every damn one...
Don't EVER install more than you need. If you aren't going to send and recieve mail on the machine, why run or install ANY mail software. Never gonna need FTP? Why install it? This saves disk space which is alway's a bonus and also limits the number of exploitable programs.
The simplest rule to follow is:
1) Need it? Leave it running 2) Know ya don't need it? Turn it off. 3)Don't know what it is? Kill it with extreme prejudice. You'll never know what it was, but at least some 3r33t hax0r won't exploit it...
Use SSH if ya must login. NEver create more than the bare minumum of accounts you need. Run FTP if you must for access on a mad port, a really high port which is unassigned.
And kidz. It's not cool to break into this guy's server just because you think he doesn't know what's going on...
Slashdot Mirror
Nah!
exceptio probat regulam in casibus non exceptis
And this has what to do with the price of fish?
And don't forget: While Interviewing Tor^Hny Blair, after a spiel of five minutes of crap about how such a thing was happening and improving he calmly replied...
"Excuse my Denseness PM, but was that a yes or a no?"
JURASSIC PARK. Apologies for those who think I'm an AOL user with a caps key...
If I remember correctly it was hacked thru ssh, but only when sshd had been compiled with kerberos support. There was loadsa confusion over it all, with IBM (I Blame Microsoft) pre-emptively releasing an advisory before the full facts were known. I think it was only the 1.2.x proggies that were affected, but don't hold me to it.
Why not ask Kit Knox?
Here's one:
Services running from inetd are slower than their standalone counterparts.
Try running sshd in standalone mode, and try logging in several times. Now try the same thing spawned from inetd.
Not only those: imagine the following _extremely_ real life scenario: There's a sniffer running an machine a. b is a production machine. 1) Bob log's in remotely as root, the sniffer captures the first 512 bytes and lo and behold, knows he can log in as r00t and also has the passwd. 2)Jef logs in as jef. Checks his mail, and the su's to root. The sniffer only captured his original passwd, and not the rewt account. Sure, he can get access, but getting r00t privs is a little harder for the attacker.
inetd spawns services as defined in /etc/inetd.conf, so if you have something like imap in it, then when inetd hears a connection on 143 it will run the associated service, eg it will run imap. Most web servers (high load at any rate) run as standalone daemon. If it's just a webby box, then you probably don't need inetd (apart from running telnetd if you are st00pid and don't like the idea of ssh.)
1st up, decide what the machine is going to do. Is it juts gonna be a web server? kill inetd and ensure it never runs again. Is it going to be used as a NFS server? kill all NFS daemons (rpc.* is usually a good start..) Is it going to shift mail about? Kill sendmail.
Everytime you think you have killed something portscan your computer. You'd be amazed at how some stuff just keeps on appearing from nowhere...
Seriously, linux is pretty bad outta the box. Try OpenBSD or NetBSD for security, I'm not overly familiar with FreeBSD but I assume that's OK too. The only reason I'm saying this is that you NEVER need everything Linux distro's supply with a full install. There's 1024 priviledged ports on a machine, and linux seems to want to open every damn one...
Don't EVER install more than you need. If you aren't going to send and recieve mail on the machine, why run or install ANY mail software. Never gonna need FTP? Why install it? This saves disk space which is alway's a bonus and also limits the number of exploitable programs.
The simplest rule to follow is:
1) Need it? Leave it running
2) Know ya don't need it? Turn it off.
3)Don't know what it is? Kill it with extreme prejudice. You'll never know what it was, but at least some 3r33t hax0r won't exploit it...
Use SSH if ya must login. NEver create more than the bare minumum of accounts you need. Run FTP if you must for access on a mad port, a really high port which is unassigned.
And kidz. It's not cool to break into this guy's server just because you think he doesn't know what's going on...
UNKLE please!