Linux - Security
This forum is for all security-related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Originally posted by doris:
"My question is how this happened. My computer is behind a Linksys router and the router functions as a firewall using NAT (Network Address Translation)."
Do you allow any services (telnet, ftp, smtp, dns, rpc, http, etc., whatever else) to be reached behind the Linksys? Any service accessible by outside 'net users may serve as a target.
In short, check the CERT docs earlier in this thread, disconnect the box from the network, restart with a bootable CD with an emergency shell (your distro's CD-ROM) and run chkrootkit. If you find evidence your box was compromised, save your *human readable* data (no binaries) and re-install from scratch, preferably a recent distro version.
Set up your system again using different passwords, harden your distro using Bastille-linux(.org) or from the links below, keep up with application vulnerabilities through your vendors or general mailing lists, add some form of file integrity checking like Aide, Tripwire. Add some form of intrusion detection, preferably Snort, not Portsentry.
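The "file integrity checking like Aide, Tripwire" advice above, shown as an added example that is not from this thread or from either project: a minimal baseline-and-compare check that records each regular file's permission bits and SHA-256 and reports changed modes (such as a setuid bit appearing), changed contents, and added or removed files. The directory tree and the tampering in demo() are constructed for illustration; a real baseline must be stored off the box or on read-only media, otherwise an intruder can simply update it.

```python
import hashlib
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Record (permission bits, sha256) for every regular file below root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        st = path.lstat()               # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        baseline[str(path.relative_to(root))] = (stat.S_IMODE(st.st_mode), digest)
    return baseline


def compare(baseline, current):
    """Return (path, reason) pairs for every difference between two snapshots."""
    findings = []
    for rel, (mode, digest) in sorted(baseline.items()):
        if rel not in current:
            findings.append((rel, "removed"))
            continue
        cur_mode, cur_digest = current[rel]
        if cur_mode != mode:            # e.g. 0755 -> 4755: setuid bit added
            findings.append((rel, f"mode {mode:04o} -> {cur_mode:04o}"))
        if cur_digest != digest:
            findings.append((rel, "content changed"))
    for rel in sorted(set(current) - set(baseline)):
        findings.append((rel, "added"))
    return findings


def demo():
    """Constructed scenario: take a baseline, alter the tree, and diff it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"constructed ls binary")
        (root / "bin" / "ls").chmod(0o755)
        (root / "etc").mkdir()
        (root / "etc" / "hosts.allow").write_text("sshd: 192.168.1.\n")
        base = snapshot(root)
        # Constructed changes of the kind the thread describes: a permission
        # change on a binary, an edited config file, and an unexpected new file.
        (root / "bin" / "ls").chmod(0o4755)
        (root / "etc" / "hosts.allow").write_text("sshd: ALL\n")
        (root / "unexpected").write_bytes(b"x")
        return compare(base, snapshot(root))
```

Running demo() returns three findings: the mode change on bin/ls, the content change on etc/hosts.allow, and the added file.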
Originally posted by MartBrooks:
""firewall" is a much overused and much misunderstood term"
I agree it's being viewed somewhat like a Holy Grail of protection. Whatever is not denied passing through the fw can harm the system, and when the cracker has a foothold the box *will* be 0wned in no time.
Hardening/securing the system and kernel should be promoted more I guess...
In the secure log, I found sshd was invoked from IPs belonging to California, Brazil, China and Korea. There was also an SSH-1.0-Version_Mapper scan. I noticed the file permission changed shortly (one day) after this scan. As unSpawn pointed out, any service could be used as a door. I did enable IP forwarding to the Linux box.
Another question: if I want to secure one Unix machine by making it invisible and inaccessible from outside, can I achieve it just in the gateway setup of this machine?
doris:
Once your machine is hacked, you will have a tough time cleaning it up, and in trying to get rid of the hackers you'll *iss 'em off and they may screw your system up badly, so before you do anything, back up your system.
I had a case a long time ago (in the days of RH6, my start with Linux) when my machine was hacked, and I started to clean up everything I saw. They didn't like it, I guess, and set up my machine so I couldn't log in locally (I saw a login screen but it was just a picture), and shut down ssh, so I was cut off completely. Then, thanks to a good friend of mine, a security expert (ex-hacker), who hacked into the system from the network and got things straight, because I was completely lost.
It's worth repeating this: if you suspect your machine has been compromised, the only way to ensure you still have control of it is to format the disk and re-install.
Or rather, take another HDD for your server.
Take the old one back home, and try to learn from your/their mistakes, and correct yours before they are in your system again.