Linux - Security (LinuxQuestions.org forum)
Hi Folks,
I am under the impression that my Linux box has been compromised. I am not really a network admin guy; my root password was toor for some period of time.
The reason I suspect this is that I am no longer able to log in as root anymore. I don't have anything important on my box (Red Hat Linux 8), so I have decided to format the Linux partition.
My questions are:
1) Would it be possible that my box has been used for some sort of foul play? In that case, what should I be worried about?
2) How does an attacker gain hold of my root password?
Physical access to a lot of Linux PCs is enough to gain root access; you don't even need the root password, and there are still a few ways to change the root password.
SSH would be the least likely way an attacker would use to gain access to your PC.
Other apps (which in most cases are not patched or correctly secured) can be more vulnerable than SSH.
Being connected to the internet 24/7 with an incorrectly secured PC is a vulnerability.
Unfortunately you have erased any data that could have been used to really verify whether your system had been cracked.
In most cases, you gain root access without a root password.
Make sure you have a decent root password. Block incoming traffic on ports you do not want to be open.
A good thing is to start off by blocking everything incoming and allowing RELATED,ESTABLISHED (this means everything that you request comes back into your system). This ensures connections cannot be established from the outside. (This is not 100 percent secure, but it will stop all attackers who would want to crack your system 'just for fun'; all black hats that could still crack your system would rather spend time cracking something they gain a benefit from!)
Important:
- Never erase your log files!!
- Keep backups of /etc stored elsewhere (e.g. CD/floppy/SD/MMC...).
- Make sure shadow is chmod 620 and chown root:shadow.
- Also, passwd should be chmod 622 and chown root:root.
- Don't use sudo. If you must, though, read the man page and secure it, so no user has rights in a sudo environment to change root's passwd.
- Check you do not have unknown users in your system; do this by copying passwd and comparing the copy with the original.
- Check your logs.
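The default-deny inbound policy the post above describes ("block everything incoming, allow RELATED,ESTABLISHED"), written out as an added example; this is not code from the thread. It assumes iptables with the conntrack match (the current form of the `-m state` match used in that era) and a root shell; TCP ports that should accept new connections from outside are passed as arguments, and setting `IPT=echo` prints the rules instead of applying them. iptables only covers IPv4: if the box has IPv6 connectivity, the same rules are needed in ip6tables.

```shell
#!/bin/sh
# Added example, not from the thread: default-deny inbound IPv4 policy.
# Assumes iptables with the conntrack match, run as root.
# IPT=echo prints the rules instead of applying them (dry run).
IPT=${IPT:-iptables}

# apply_firewall [PORT ...]: drop every new inbound connection except to the
# listed TCP ports; replies to traffic this host initiated are still accepted.
apply_firewall() {
    $IPT -F INPUT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    # loopback is needed by local services talking to each other
    $IPT -A INPUT -i lo -j ACCEPT
    # packets belonging to, or related to, a connection this host opened
    $IPT -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    # packets the connection tracker cannot classify (malformed, out of window)
    $IPT -A INPUT -m conntrack --ctstate INVALID -j DROP
    # explicitly published services, if any
    for port in "$@"; do
        $IPT -A INPUT -p tcp --dport "$port" -m conntrack --ctstate NEW -j ACCEPT
    done
    # log what the policy is about to drop, rate-limited so a scan cannot fill the disk
    $IPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

# Usage (root shell):   . ./firewall.sh && apply_firewall 22
# Preview only:         IPT=echo sh -c '. ./firewall.sh && apply_firewall 22'
```

With no ports given, nothing new can be opened from outside at all, which is the right default for a box used only for browsing; the LOG rule is what makes the "check your logs" advice actionable, since every dropped probe lands in the kernel log with the `fw-drop:` prefix.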
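The checks in the list above (ownership and mode of passwd and shadow, comparing a saved copy of passwd with the current one), as an added example that is not from the thread. Expected owner and mode are parameters rather than fixed figures, because the shipped values differ by distribution (Red Hat ships /etc/passwd as root:root 0644 and keeps /etc/shadow readable by root only; Debian uses root:shadow 0640 for shadow); whatever the expected mode, it flags any group or world write bit, since a passwd or shadow that other users can write lets them add a UID 0 account. It also lists accounts other than root with UID 0 and shadow entries with an empty password field, a cheap check on a box that had a guessable root password. It assumes GNU coreutils `stat` (Linux); the paths are parameters so the same checks run against a backup of /etc on removable media.

```shell
#!/bin/sh
# Added example, not from the thread: audit /etc/passwd and /etc/shadow.
# Assumes GNU coreutils stat (Linux). Paths are parameters so the same checks
# can be run against a backup copy of /etc kept on removable media.

# check_file FILE MODE OWNER:GROUP
# Prints a finding for each mismatch and for any group/world write bit.
# Returns 0 when the file is clean, 1 otherwise.
check_file() {
    cf_file=$1 cf_mode=$2 cf_owner=$3
    cf_stat=$(stat -c '%a %A %U:%G' "$cf_file") || return 1
    set -- $cf_stat            # $1=octal mode, $2=symbolic mode, $3=owner:group
    cf_rc=0
    [ "$1" = "$cf_mode" ]  || { echo "$cf_file: mode $1, expected $cf_mode"; cf_rc=1; }
    [ "$3" = "$cf_owner" ] || { echo "$cf_file: owner $3, expected $cf_owner"; cf_rc=1; }
    # symbolic mode is -rwxrwxrwx: char 6 is group write, char 9 is other write
    case $2 in ?????w*)    echo "$cf_file: group-writable"; cf_rc=1 ;; esac
    case $2 in ????????w*) echo "$cf_file: world-writable"; cf_rc=1 ;; esac
    return $cf_rc
}

# new_accounts SAVED CURRENT: usernames in CURRENT that are absent from SAVED
# (the "copy passwd and compare" check from the post).
new_accounts() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next } !($1 in seen) { print $1 }' "$1" "$2"
}

# extra_uid0 PASSWD: accounts other than root that have UID 0.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# empty_passwords SHADOW: accounts whose password field is empty (no password at all).
empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# audit_etc [DIR] [SAVED_PASSWD]: run every check against DIR (default /etc),
# optionally comparing DIR/passwd with a saved copy. Returns 1 on any finding.
# SHADOW_MODE / SHADOW_OWNER default to the Red Hat convention; Debian would use
# SHADOW_MODE=640 SHADOW_OWNER=root:shadow.
audit_etc() {
    ae_dir=${1:-/etc} ae_saved=$2 ae_rc=0
    check_file "$ae_dir/passwd" 644 root:root || ae_rc=1
    check_file "$ae_dir/shadow" "${SHADOW_MODE:-400}" "${SHADOW_OWNER:-root:root}" || ae_rc=1
    for u in $(extra_uid0 "$ae_dir/passwd"); do echo "extra UID 0 account: $u"; ae_rc=1; done
    for u in $(empty_passwords "$ae_dir/shadow"); do echo "empty password: $u"; ae_rc=1; done
    if [ -n "$ae_saved" ]; then
        for u in $(new_accounts "$ae_saved" "$ae_dir/passwd"); do
            echo "account not in saved copy: $u"; ae_rc=1
        done
    fi
    return $ae_rc
}

# Usage: sh audit.sh /etc /mnt/backup/etc/passwd
if [ $# -gt 0 ]; then audit_etc "$@"; fi
```

Run it as root (shadow is unreadable otherwise) and keep the saved passwd copy off the machine, as the post says: a copy left on the same disk is one more file the attacker can edit to make the comparison come out clean.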
It is not a good idea to use Red Hat 8.0, for security reasons. It is an old distro and not updated. I can suggest CentOS ( www.centos.org ); it is almost the same as RHEL, though surely you won't have Red Hat support.
Thanks for your help, folks. I use my system only for browsing the internet, nothing else. I actually use dial-up to connect to the internet. Since the other user I created could not dial up, I used the root login to dial up. Everything was fine, until one day I could not log in as root.