An interesting read for Linux server admins:

Status
Not open for further replies.

praka123

left this forum longback
It is very rare that your Linux PC which you use as a desktop will get compromised, especially if you do not run any services like a web server, mail server and so on. Moreover, many modern Linux distributions targeted at the end user, like Ubuntu for example, ship with all the ports closed by default, and others like PCLinuxOS bundle a robust firewall with it. So it makes the job of an intruder all the harder to crack into your machine.


But suppose that after all the precautions you take, some resourceful cracker succeeds in finding a loophole and hacks into your machine: how do you detect that your machine has been compromised in the first place?


Lars has written a step-by-step account of how he ascertained that a Linux server run by his friend had been compromised by an intruder. His findings throw light on what you can expect and the steps to take when you suspect your machine has been rooted.


The server was running a fairly updated Ubuntu 6.06 LTS. He goes on to conclude that the compromise could have been caused by:
  1. An exploit unknown to the public.
  2. A user accessing this server from an already compromised host. The attacker could then sniff the password.
Read this very interesting article, which throws some light on the actions of a hacker.

Source:
linuxhelp.blogspot.com/2007/08/how-to-find-out-if-your-linux-machine.html

Article (read here):
blog.gnist.org/article.php?story=HollidayCracking
 
praka123 (OP)

left this forum longback
BTW, I don't have servers, but I got rkhunter installed, which hopefully detects spreading ones.
 

Yamaraj

The Lord of Death
There is a reason why Fedora/Red Hat/CentOS ship with SELinux and SUSE with AppArmor. It's high time Ubuntu started doing the same.
 

infra_red_dude

Wire muncher!
I agree, Yamaraj. I think Ubuntu and related distros should include SELinux or come up with something of their own. It's high time now....

Thanks for the article, Prakash :) It sure is thought-provoking. Ubuntu users should be wary of this....
 
praka123 (OP)

left this forum longback
Maybe Debian too should be counted, but there is always the SELinux option in Debian & Ubuntu (via apt). Yeah, it needs to be integrated.
Though I am confused with PAM (Pluggable Authentication Modules) :?
 

mehulved

18 Till I Die............
praka123 said:
BTW, I don't have servers, but I got rkhunter installed, which hopefully detects spreading ones.
I doubt it will be too useful. A good hacker/cracker will try to modify all such tools to hide their tracks. So, a better idea is to check for rootkits from a live CD. But how useful that is, I am not so sure. From what I've read it's not that promising.
 
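Checking a suspect disk from a live CD, as mehulved suggests above, and answering the OP's question of how you would tell that a box has been rooted: the script below is an added example and is not code from this thread, from praka123, or from the linked article. It mounts nothing itself; it assumes you have already booted live media and mounted the suspect Debian/Ubuntu root read-only (the `/mnt` path is an assumption), and that GNU coreutils `md5sum` is available on the live system. It then compares every file listed in dpkg's own `/var/lib/dpkg/info/*.md5sums` records against the bytes actually on disk. The fixture root that `build_fixture` creates is constructed sample data for demonstration, not real package contents.

```shell
#!/bin/sh
# Added example, not code from the thread or from the linked article.
# Verifies files on a suspect Debian/Ubuntu root against the md5sums that
# dpkg recorded at install time (ROOT/var/lib/dpkg/info/*.md5sums).
# Intended to be run from a live CD with the suspect disk mounted read-only,
# e.g.  mount -o ro /dev/sda1 /mnt && verify_dpkg_md5sums /mnt
# Nothing on the suspect disk is executed; only the live system's md5sum
# (GNU coreutils, assumed present) is used.
#
# Caveat: the .md5sums lists live on the suspect disk as well, so a careful
# intruder can rewrite them together with the trojaned binaries. A clean
# result rules out sloppy tampering only; for real confidence, fetch the
# packages again from a trusted mirror and compare against those.

# verify_dpkg_md5sums ROOT
# Prints one line per file that is missing or whose md5 no longer matches,
# tagged with the owning package. Returns 0 if all files matched, 1 otherwise.
verify_dpkg_md5sums() {
    root=${1%/}
    status=0
    for list in "$root"/var/lib/dpkg/info/*.md5sums; do
        [ -f "$list" ] || continue
        pkg=$(basename "$list" .md5sums)
        # Each line is "<md5>  <path relative to />", e.g. "d41d8...  bin/ls".
        while read -r expected path; do
            [ -n "$path" ] || continue
            file="$root/$path"
            if [ ! -f "$file" ]; then
                printf 'MISSING  %s (%s)\n' "$path" "$pkg"
                status=1
            elif [ "$(md5sum "$file" | cut -d' ' -f1)" != "$expected" ]; then
                printf 'MODIFIED %s (%s)\n' "$path" "$pkg"
                status=1
            fi
        done < "$list"
    done
    return $status
}

# build_fixture [clean]
# Constructed sample root for demonstration only (not real package data):
# three fake binaries with matching md5sums lists. Unless "clean" is given,
# bin/ps is then modified (think of a trojaned ps that hides processes) and
# usr/bin/who is deleted, so both failure modes show up. Prints the root path.
build_fixture() {
    fx=$(mktemp -d)
    mkdir -p "$fx/bin" "$fx/usr/bin" "$fx/var/lib/dpkg/info"
    printf '#!/bin/sh\necho ls\n'  > "$fx/bin/ls"
    printf '#!/bin/sh\necho ps\n'  > "$fx/bin/ps"
    printf '#!/bin/sh\necho who\n' > "$fx/usr/bin/who"
    # Record pristine checksums in dpkg's format, paths relative to the root.
    record() { printf '%s  %s\n' "$(md5sum "$fx/$1" | cut -d' ' -f1)" "$1"; }
    { record bin/ls; record usr/bin/who; } > "$fx/var/lib/dpkg/info/coreutils.md5sums"
    record bin/ps > "$fx/var/lib/dpkg/info/procps.md5sums"
    if [ "${1:-}" != clean ]; then
        printf 'grep -v evil\n' >> "$fx/bin/ps"   # simulate the trojaned binary
        rm "$fx/usr/bin/who"                       # simulate a removed tool
    fi
    printf '%s\n' "$fx"
}

# Demo when run directly:  sh verify.sh --demo
if [ "${1:-}" = --demo ]; then
    fx=$(build_fixture)
    verify_dpkg_md5sums "$fx" || echo "tampering detected under $fx"
fi
```

Mount the suspect filesystem with `-o ro,noexec` so that nothing you touch runs a binary from the compromised disk, and run the check from the live system's own shell. This is the same idea as running rkhunter or chkrootkit from live media rather than from the suspect install: the verdict only means something when the tools and the reference data come from somewhere the intruder could not reach. On a running Debian/Ubuntu system the packaged `debsums` tool performs this comparison, but it suffers from exactly the problem mehulved raises, since it runs on top of the possibly-modified host.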

kalpik

In Pursuit of "Happyness"
infra_red_dude said:
I agree, Yamaraj. I think Ubuntu and related distros should include SELinux or come up with something of their own. It's high time now....

Thanks for the article, Prakash :) It sure is thought-provoking. Ubuntu users should be wary of this....
Yeah.. The next version of Ubuntu (Gutsy Gibbon) would include AppArmor by default :)
 