LinuxQuestions.org
Old 01-14-2010, 02:43 PM   #1
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Rep: Reputation: 65
Post Security: A place for investigations of cracked unix boxes


Yesterday I had an idea: maybe it would be good if hackers around here joined in to help sysadmins whose servers (on UNIX-like systems) were cracked: to find out how it was done and how to prevent that in future.
I described this situation here and would like to hear feedback on this topic: would you mind helping admins of compromised systems to find out the source of the problem and maybe find some previously unknown bugs, if everything seems to be correctly and securely configured, though it was cracked anyway?
I suggest making a special place (say, a subforum in "Security") for this kind of discussion. Or, probably, moderators can make a "social group" here, where hackers willing to help will be helping, and make a sticky post on the "Security" forum pointing users with that problem there?
I probably wouldn't have asked this if I didn't care about the forum: say, if we are going to solve each user's problem of that kind in his thread on the security forum, we will probably be running from the actual topic to investigation: it's offtopic. I think stuff like this needs extra attention and should be located in a separate place, dedicated to that. So it will be easier to search: just search in the subforum.
Moderators' comments are most welcome! Do you think it will be useful?
Thanks for your attention, everybody!
 
Old 01-14-2010, 04:15 PM   #2
rweaver
Senior Member
 
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 163
The general problem with that suggestion is the same as letting any person on the forum onto your machine. They have access to your data. Forensic security often means making duplicate images of the drive you work with instead of the machine itself, and distributing that or letting someone else have access to it without proper legal protections and relationships in place would likely cause as many or more issues than it solved.

As a general rule there is quite a bit of good security advice in the appropriate forums, and oftentimes people are willing to guide people down the right path to get started in auditing their system after a break-in.
 
Old 01-14-2010, 04:28 PM   #3
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Original Poster
Rep: Reputation: 65
Sorry, I picked up the wrong topic: I didn't mean to let forum members onto your computer, I meant exactly what I wrote in my blog entry, no more. Admins are not meant to allow access to cracked boxes: admins are meant to post logs/etc. of what we ask: that's kinda safe (moderators and other members are around, I guess no one will give bad advice). No private data required.
Also, computers must stay offline, as I noticed in the blog entry.

Last edited by Web31337; 01-14-2010 at 04:30 PM.
 
Old 01-14-2010, 04:50 PM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,367
Blog Entries: 54

Rep: Reputation: 2867
Unknown to you we already have a group of members who deal with breaches of security: Hangdog42, slimm69, Unixfool, win32sux and me. If you have any doubts about their theoretical knowledge or practical experience please read incident handling threads back to say 2001. If you have any specific questions regarding incident handling you're cordially invited to email me.
 
3 members found this post helpful.
Old 01-14-2010, 06:55 PM   #5
Web31337
Member
 
Registered: Sep 2009
Location: Russia
Distribution: Gentoo, LFS
Posts: 399
Blog Entries: 71

Original Poster
Rep: Reputation: 65
Not really unknown, and, of course, I don't doubt anyone's skills, unSpawn, how could you think that? :D
I was just thinking that it's a good idea to have a place here dedicated to this kind of question. A place that is seen right from the "Security" forum: better search and visibility.
 
Old 01-17-2010, 03:53 AM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,367
Blog Entries: 54

Rep: Reputation: 2867
Right now I don't see a sub-forum as necessary or making things easier. There'll be approximately one to four (perceived) security incidents reported per month (as in low volume) out of which half fail to sufficiently support claims to get any meaningful investigation going (so actual start-to-finish ones will be even less). As far as all things off-topic are concerned that's basically the moderators' call. We have no problem facilitating off-topic discussions, as long as they are related to Linux Security and are based on facts, by pruning them off a thread and creating a new one for it. The basic problems the forum faces when it comes to dealing with breaches of security are 0) OPs who say "I think" (instead of using the right tools) or don't pursue the case, 1) drive-by posters who don't commit themselves to staying with the OP to help solve the case but rather say stupid things like "don't worry", "not an issue" or call the OP "overly paranoid" without properly explaining the what and how of things and 2) at times a lack of structure leading for instance to me making a post like this. I hope from that you'll find that at LQ we care and that we take incident handling seriously. If you have any other suggestions you're cordially invited to discuss them.
 
1 members found this post helpful.
  


All times are GMT -5.
