LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-28-2005, 06:20 AM   #1
tiredoflogins
Member
 
Registered: Sep 2004
Distribution: Red Hat Linux
Posts: 89

Rep: Reputation: 15
Angry Probably a stupid newbie q


Hi Folks,
I am under the impression that my linux box has been compromised. I am not really a network admin guy, my root password was toor for some period of time.

The reason I suspect this is that I am no longer able to login as root anymore. I dont have anything important on my box. (Red Hat Linux 8) SO I have decided to format the linux partition.

My questions are

1) Would it be possible that my box has been used for some sort of foul play. In that case, what should I be worried about?

2) How does an attacker gain hold of my root password?


Cheers,
MR TIRED.
 
Old 07-28-2005, 06:53 AM   #2
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
physical access to a lot of linux pc's is enough to gain root access, you dont even need the root password and there are still a few ways of how to change the root password.

ssh would be the least likely way an attacker would use gain access to your pc through.

other apps (which in most cases are not patched or correctly secured) can be more vulnerable than ssh.

being connected to the internet 24/7 with an incorrectly secured pc is a vulnerability.

unfort. you have erased any data that could have been used to really verify if you system had been cracked.

in most cases, you gain root access without a root password.

make sure you have a descent root password. block incoming traffic on ports you do not want to be open.

a good think is to start of with blocking everything incoming, and allowing RELATED, ESTABLISHED (this means, all that you request, comes back into your system) this ensures connections cannot be established from the outside (this is not 100 percent secure, but will stop all attackers that 'just for fun' would want to crack your system - all black-hats that could still crack your system, will rather want to spend time cracking something where they gain a benifit from!)

important:
- never erase your log files!!
- keep backups of /etc stored elsewhere (ie. cd/floppy/sd/mmc...)
- make sure shadow is chmod 620 and chown root:shadow
- also passwd should be chmod 622 and chown root:root
- dont use sudo. if you must though, read the man page and secure it, so no user has rights in a sudo env. to change root's passwd.
- check you do not have unknown users in your system... do this by copying passwd and comparing the copy with the original.
- check your logs
 
Old 07-28-2005, 06:56 AM   #3
Nathanael
Member
 
Registered: May 2004
Location: Karlsruhe, Germany
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940

Rep: Reputation: 33
oh, you can also harden your kernel...
ie: http://lids.org/
 
Old 07-28-2005, 07:09 AM   #4
maxut
Senior Member
 
Registered: May 2003
Location: istanbul
Distribution: debian - redhat - others
Posts: 1,188

Rep: Reputation: 50
it is not good idea to use redhat 8.0 for security reasons. it is an old distro and not updated. i can suggest centos ( www.centos.org ), it is almost same as RHEL, surely u wont have redhat support.

good luck.

Last edited by maxut; 07-28-2005 at 07:10 AM.
 
Old 07-29-2005, 05:22 AM   #5
tiredoflogins
Member
 
Registered: Sep 2004
Distribution: Red Hat Linux
Posts: 89

Original Poster
Rep: Reputation: 15
Thanks for your help folks. My system I use only for browsing the internet. Nothing else. I actually use a dialup to connect to the internet. Since the other user I created could not dialup, I used the root login to dialup. Everything was fine, until one day, I could not login as root.

I am reinstalling Mandrake Linux now.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Stupid Newbie Questions PapaSmurf88 Mandriva 4 05-21-2005 01:09 PM
stupid newbie question aznboi12321 Fedora 3 03-01-2005 12:10 PM
I'm a stupid Newbie and I need help dleo Linux - Newbie 4 06-16-2004 03:29 PM
Perhaps stupid even for a newbie, but I could really use help with Kopete. maestro52 Linux - Newbie 3 08-28-2003 01:29 AM
Another stupid newbie question linuxchick Linux - Newbie 1 03-01-2002 06:49 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:45 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration