LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 06-01-2003, 02:42 PM   #1
g_arun22
LQ Newbie
 
Registered: Jun 2003
Posts: 4

Rep: Reputation: 0
securing corporate system


what are plans to secure a corporate system during emergency ?
 
Old 06-01-2003, 02:43 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Turn your systems off?
 
Old 06-01-2003, 02:45 PM   #3
twilli227
Member
 
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760

Rep: Reputation: 30
Please do not double post
 
Old 06-01-2003, 03:23 PM   #4
mamabiscothu
LQ Newbie
 
Registered: Jun 2003
Posts: 3

Rep: Reputation: 0
RUN AWAY FROM THE PLACE IS A VERY GOOD IDEA!
TAKE UR CEO'S DAUGHTER ALONG WITH YOU IS ANOTHER OPTION
 
Old 06-01-2003, 03:24 PM   #5
mamabiscothu
LQ Newbie
 
Registered: Jun 2003
Posts: 3

Rep: Reputation: 0
TWILLI227 IS 227 UR JAIL IP NUMBER
 
Old 06-01-2003, 03:26 PM   #6
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Quote:
Originally posted by mamabiscothu
RUN AWAY FROM THE PLACE IS A VERY GOOD IDEA!
TAKE UR CEO'S DAUGHTER ALONG WITH YOU IS ANOTHER OPTION
Is that from experience?
 
Old 06-01-2003, 03:27 PM   #7
mamabiscothu
LQ Newbie
 
Registered: Jun 2003
Posts: 3

Rep: Reputation: 0
DAVID ROSS YEP BUDDY!U ALSO TRY!BUT DON'T THINK U WILL BE LUCKY LIKE ME.
 
Old 06-01-2003, 03:36 PM   #8
twilli227
Member
 
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760

Rep: Reputation: 30
Yea, if I took the CEO's underage daughter.
 
Old 06-01-2003, 07:36 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
//moderator note:

mamabiscothu: please stay on topic or post in /general if you've got uncontrollable posting impulses. This is a security forum and I will *not* accept off-topic remarks unless you've shown your posting behaviour to include *constructive, helpful* replies to threads in the security forum. (and even then)

Note you should not post a reply to this post. If you do I will take corrective measures. If you do not agree with my decisions, I invite you to take it up with me by mail.

g_arun22: please elaborate on what you're asking for. Are you just looking for basic measures, checklists or starting "the right way" at the top with defining a security policy etc etc?
 
Old 06-02-2003, 04:04 AM   #10
g_arun22
LQ Newbie
 
Registered: Jun 2003
Posts: 4

Original Poster
Rep: Reputation: 0
Emergency measures

I have a Linux box installed. Say my system is being hacked; what emergency measures am I supposed to take in such a situation?
 
Old 06-02-2003, 05:06 AM   #11
Robert0380
LQ Guru
 
Registered: Apr 2002
Location: Atlanta
Distribution: Gentoo
Posts: 1,280

Rep: Reputation: 47
Unplug it from the internet. That is a serious answer, by the way. This way the attacker won't have access and cannot further adulterate your machine. That's step 1. Somebody else will have to fill in steps 2 - whatever, because after that I'd just back up what I can and reformat, just in case there were any backdoors installed.
 
Old 06-02-2003, 06:33 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
g_arun22: your last question does not clear up anything you asked in your original question: "what are plans to secure a corporate system during emergency ?".

Please be more verbose about what the purpose and settings for the box are (like "corporate intranet server", "SOHO mailserver", if this is a corporate box, whether they have a security policy) and what kind of emergencies you are pointing at (if you have any idea), or else risk getting answers that do not apply to the situation you have in mind, are incomplete, or are even detrimental to the business process.

Robert0380: you have no details about what emergency he's on about, you do not know the settings the system operates in, and yet you say unplugging the system is step #1. Can I take it then, since you failed to provide consecutive steps, that you are guessing? I mean "because after that i'd just backup what i can, (..)" definitely is NOT the next step I'd take if there's a rootkit on the box or if the box is under DoS attack. So please clarify if you will.
//note you should *not* view this as a personal attack, but as moderator it is my task to make sure the information we provide is clear, truthful and useful. Maybe you have new insights, and since I don't pretend to know everything, learning is the only way to go...
 
Old 06-02-2003, 12:55 PM   #13
v2lk
Member
 
Registered: May 2003
Location: Estonia
Distribution: Slackware 9.1
Posts: 61

Rep: Reputation: 15
Code:
# telinit 1
EDIT:
OK, then. It depends on what kind of services you are running. If you can allow yourself some downtime, bring the system down into single-user mode (runlevel 1), as shown above. Some distributions don't have telinit; then it's "init 1" or something like that. After this, what I would do is chown/chmod all my more important directories recursively to make sure they have the proper permissions, check your default runlevel initialisation directory (i.e. /etc/rc.d/rc.3) to make sure that there is nothing there that shouldn't be, change root's password, and then switch back to the runlevel needed (# telinit 3, for example). After that use the commands who, top and netstat to keep an eye on things for a little while. It's very much possible that everything remains still.
Of course, this is if you're perfectly sure that there is nothing you can do to improve your security. If there is, then of course install patches, reconfigure your iptables, stop running the services you don't need, etc.

Last edited by v2lk; 06-02-2003 at 05:55 PM.
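The triage steps described in the post above (check the runlevel directory for entries that should not be there, verify permissions on important directories, then watch who/top/netstat), written out as a small shell helper. This is an added example and not code from any post in this thread: the rc.3 layout, the baseline list of expected init scripts, the S99update entry and the 0755 expectation are all constructed so the checks run in a throwaway directory instead of touching the real /etc/rc.d. It records and reports instead of chowning or chmodding recursively, because changing ownership and modes on a box you suspect is compromised overwrites evidence you may want later.

```shell
#!/bin/sh
# Added example, not from any post in this thread. Sandboxed triage helper
# for a possibly compromised box: flag init-script entries that are not in a
# known-good baseline, check a directory's mode, then dump live state.
# Every path and the baseline below are constructed assumptions.
set -u

# Print entries of an init-script directory that are missing from a baseline
# file (one expected name per line). Output order is the shell's glob order.
unexpected_init_entries() {
    dir=$1
    baseline=$2
    for entry in "$dir"/*; do
        [ -e "$entry" ] || continue       # empty directory: glob stays literal
        name=${entry##*/}
        if ! grep -qx -- "$name" "$baseline"; then
            printf '%s\n' "$name"
        fi
    done
}

# Return 0 if the path has the expected octal mode; otherwise print the
# mismatch and return 1. Uses GNU 'stat -c %a' (on BSD/macOS: 'stat -f %Lp').
check_mode() {
    path=$1
    expected=$2
    actual=$(stat -c %a "$path")
    [ "$actual" = "$expected" ] && return 0
    printf '%s mode %s (expected %s)\n' "$path" "$actual" "$expected"
    return 1
}

# Build a throwaway stand-in for /etc/rc.d/rc.3 plus a baseline file, so the
# checks run unprivileged and offline. Prints the sandbox path.
make_sandbox() {
    sb=$(mktemp -d)
    mkdir -p "$sb/rc.3"
    for s in S10network S20sshd S30httpd; do
        : > "$sb/rc.3/$s"
    done
    : > "$sb/rc.3/S99update"      # constructed: an entry nobody remembers adding
    printf '%s\n' S10network S20sshd S30httpd > "$sb/baseline.txt"
    chmod 777 "$sb/rc.3"          # constructed: deliberately too permissive
    printf '%s\n' "$sb"
}

main() {
    sb=$(make_sandbox)
    echo "== rc.3 entries not in the baseline =="
    unexpected_init_entries "$sb/rc.3" "$sb/baseline.txt"
    echo "== directory mode check =="
    check_mode "$sb/rc.3" 755 || true
    echo "== live state to eyeball (who / netstat, as in the thread) =="
    who 2>/dev/null || true
    ss -tulpn 2>/dev/null || netstat -tulpn 2>/dev/null || true
    rm -rf "$sb"
}

main "$@"
```

Run it as-is to see the constructed output. On a real box, point unexpected_init_entries at /etc/rc.d/rc.3 (or whatever directory your distribution uses) and at a baseline listing taken from a clean install or a trusted backup, and do this after the machine has been taken off the network, as suggested earlier in the thread; the script deliberately changes nothing, so the only side effect is the temporary sandbox it creates and removes.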
 
Old 06-02-2003, 05:28 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
v2lk, please elaborate on what your meant with your reply.
Personally, and acting as moderator, I do not care for "drive-by" type of replies like these without proper explanation.
 
Old 06-03-2003, 04:10 AM   #15
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 79
Quote:
Originally posted by v2lk
Code:
# telinit 1
EDIT:
OK, then. It depends on what kind of services you are running. If you can allow yourself some downtime, bring the system down into single-user mode (runlevel 1), as shown above. Some distributions don't have telinit; then it's "init 1" or something like that. After this, what I would do is chown/chmod all my more important directories recursively to make sure they have the proper permissions, check your default runlevel initialisation directory (i.e. /etc/rc.d/rc.3) to make sure that there is nothing there that shouldn't be, change root's password, and then switch back to the runlevel needed (# telinit 3, for example). After that use the commands who, top and netstat to keep an eye on things for a little while. It's very much possible that everything remains still.
Of course, this is if you're perfectly sure that there is nothing you can do to improve your security. If there is, then of course install patches, reconfigure your iptables, stop running the services you don't need, etc.
Like I said in post 2: if the problem is serious, then down the system completely and recover your data from another system.

If you are infected by a virus then single user mode may not be enough.
 
  

