LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 04-17-2002, 11:14 AM   #1
sourian
LQ Newbie
 
Registered: Mar 2002
Distribution: RedHat, Mandrake
Posts: 29
private key compromised


Hi list!

If my RedHat 7.2 with tripwire installed says

"private key compromised"

does it mean that somebody visited me and messed around with my system, or that I (by mistake) did something to upset it?

I'm just at the very beginning with Linux and I would appreciate any help.

Some advice on making my system more secure would be beneficial as well.

PS: I have ssh active on my system, and I am running a test server on it with apache, php and mySQL.

Thanks for the time.

Regards,
Sourian
 
Old 04-17-2002, 06:51 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54
I haven't come across this warning (grepping through the source), so I'm kinda clueless here.

Did you save a copy of the secret/public keys, policy files and database off-site to have a non-compromisable source to check your system against? Else you've got no trusted footprint for your system. If this is the case you'll need other means to check your system. Check out CERT Intruder Detection Checklist, CERT Steps for Recovering from a UNIX or NT System Compromise and the CERT UNIX Security Checklist v2.0.

Below I'll post my std reply on securing boxen, which should give you some reading material. Feel free to ask as much as you can (preferably after reading as much as you can :-] ).

I hope you made use of a firewall and TCP wrappers' hosts.{allow,deny}. Unfortunately a firewall like ipchains is a "passive" deterrent, because it does not allow for OTF changing of rules, and the TCP wrappers will only work for supported servers started by a superserver like (x)inetd.

IMO security comes in basically 3 levels:
- box integrity: setting (shell/pam/access) limits on accounts or disabling unnecessary ones, perhaps use kernel patches like Open Wall (2.2x) or Grsecurity (2.4x) for stack and process protection, disable users' permissions to run system tasks or run 'em through sudo, finer grained logging, protecting your libraries and binaries by either running 'em off a read-only mounted partition or else chattr +iu 'em, and adding (and using) a system integrity detector like Aide, Tripwire, Samhain, chkrootkit. If that's settled check up on system application vulnerabilities, and register for the rhnetwork to be able to run up2date if you don't like manual upgrading. IMO manual upgrading has the pro you can tweak the source, turn features on or off and compile static binaries if necessary. *Some vulnerabilities you've got to live with, like svgalib, for instance.
If this is a firewall, router or server: strip off X, gcc, user shell accounts, any unnecessary services and server apps.

- network security: if you run remote system maintenance, run OpenSSH instead of telnet, and limit account access to a few trusted hosts if possible and *don't* log in as root. Use sysctl to change TCP/IP behaviour (/proc/sys/net/ipv*) like forwarding, fragmenting, router discovery etc.
Make sure your firewall rules mirror/are in sync with the TCP wrapper files, and add detection through Snort, possibly complemented with an "active" part like Guardian to add firewall rules OTF, and set up cron to do regular reporting, cleaning out "dead" rules, etc. If you use X, make sure it's using Xauth, Xhost and the server arg "-nolisten tcp" if you're not using it for connection to/from other hosts.

- network application security: Don't run services you don't need, comment 'em out in (x)inetd.conf, and stop 'em in your runlevels (SYSV stuff in /etc/rc.d). If you have services that are only used by a few privileged users, limit account access to those. Check your network binaries' configs for possible loopholes. Limit where possible, like if you don't want sendmail to handle incoming attachments of 500Mb or be used as a relay, BIND version queries, procmail/libmilter filters for scrubbing mail-malware, viruses etc. Limit daemon accounts, chroot apps if necessary. Play safe, run "stable" binaries.

Hmm. S'pose the above lacks overview...
Here's three things to give a bit more overview/make Linux security easier: Bastille Linux, The Linux Administrator's Security Guide and the CERT tech tips on improving security.

The rest of my security reference list is in the second reply here: possibly a dumb(..).

HTH somehow.
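The off-site "trusted footprint" that the reply above relies on (a known-good record of what the system looked like, kept where an intruder cannot rewrite it) can be illustrated with plain sha256sum. This is an added example, not code from the thread or from Tripwire; it assumes GNU coreutils and uses a constructed directory in place of a real /etc tree.

```shell
#!/bin/sh
# Added example, not code from the thread: the "trusted footprint" idea behind the
# tripwire advice above, done with plain sha256sum. The baseline manifest is kept
# OUTSIDE the monitored tree (in real use on read-only media or an off-site host)
# and the live tree is later checked against it. Assumes GNU coreutils sha256sum.

# make_baseline DIR MANIFEST : record the hash of every regular file under DIR
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done ) > "$2"
}

# manifest_fingerprint MANIFEST : one hash to write down / store off-site so that
# tampering with the manifest itself is detectable too
manifest_fingerprint() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_baseline DIR MANIFEST : return 0 if DIR still matches MANIFEST; otherwise
# list baseline-only (<) and live-only (>) entries (changed files show as both)
# and return 1
verify_baseline() {
    _cur=$(mktemp) || return 2
    make_baseline "$1" "$_cur"
    if cmp -s "$2" "$_cur"; then
        rm -f "$_cur"
        return 0
    fi
    echo "INTEGRITY MISMATCH in $1 (< baseline, > live):"
    diff "$2" "$_cur" | grep '^[<>]' || true
    rm -f "$_cur"
    return 1
}

# Demo on a constructed directory standing in for a real /etc tree
demo() {
    w=$(mktemp -d)
    mkdir -p "$w/tree/etc"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$w/tree/etc/passwd"
    make_baseline "$w/tree" "$w/baseline.sha256"
    echo "baseline fingerprint: $(manifest_fingerprint "$w/baseline.sha256")"
    verify_baseline "$w/tree" "$w/baseline.sha256" && echo "tree is clean"
    # simulate an unexpected edit to a monitored file
    printf 'guest:x:1001:1001::/home/guest:/bin/sh\n' >> "$w/tree/etc/passwd"
    verify_baseline "$w/tree" "$w/baseline.sha256" || echo "change detected"
    rm -rf "$w"
}

demo
```

Without a copy of the manifest (and its fingerprint) stored beyond the reach of the monitored host, the check proves nothing, which is exactly the situation the reply warns about.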
 
Old 04-17-2002, 07:06 PM   #3
sourian
LQ Newbie
 
Registered: Mar 2002
Distribution: RedHat, Mandrake
Posts: 29
Original Poster
Thanx for the info, unSpawn. Some things you tell me about I don't understand, but I'll search for them on the internet.

Thanx again.
Regards,
Sourian
 
Old 04-17-2002, 07:42 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54
Ok, just don't forget we're here for you ppl, just ask till you can't ask no more :-]
 
Old 04-17-2002, 07:59 PM   #5
sourian
LQ Newbie
 
Registered: Mar 2002
Distribution: RedHat, Mandrake
Posts: 29
Original Poster
Thanx. It really encourages newbies like me to go further. Thanx again.

Regards,
Sourian