Linux - Security
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
06-01-2003, 02:42 PM #1
LQ Newbie | Registered: Jun 2003 | Posts: 4
securing corporate system
What are the plans to secure a corporate system during an emergency?
06-01-2003, 02:43 PM #2
Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
Turn your systems off?
06-01-2003, 02:45 PM #3
Member | Registered: May 2003 | Location: S.W. Ohio | Distribution: Ubuntu, OS X | Posts: 760
Please do not double post
06-01-2003, 03:23 PM #4
LQ Newbie | Registered: Jun 2003 | Posts: 3
Running away from the place is a very good idea!
Taking your CEO's daughter along with you is another option.
06-01-2003, 03:24 PM #5
LQ Newbie | Registered: Jun 2003 | Posts: 3
twilli227 is 227 your jail IP number
06-01-2003, 03:26 PM #6
Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
Quote:
Originally posted by mamabiscothu
Running away from the place is a very good idea!
Taking your CEO's daughter along with you is another option.
Is that from experience?
06-01-2003, 03:27 PM #7
LQ Newbie | Registered: Jun 2003 | Posts: 3
David Ross, yep buddy! You also try! But don't think you will be lucky like me.
06-01-2003, 03:36 PM #8
Member | Registered: May 2003 | Location: S.W. Ohio | Distribution: Ubuntu, OS X | Posts: 760
Yeah, if I took the CEO's underage daughter.
06-01-2003, 07:36 PM #9
Moderator | Registered: May 2001 | Posts: 29,415
//moderator note:
mamabiscothu: please stay on topic or post in /general if you've got uncontrollable posting impulses. This is a security forum and I will *not* accept off-topic remarks unless you've shown your posting behaviour to include *constructive, helpful* replies to threads in the security forum. (and even then)
Note you should not post a reply to this post. If you do I will take corrective measures. If you do not agree with my decisions, I invite you to take it up with me by mail.
g_arun22: please elaborate on what you're asking for. Are you just looking for basic measures, checklists, or starting "the right way" at the top with defining a security policy etc. etc.?
06-02-2003, 04:04 AM #10
LQ Newbie (Original Poster) | Registered: Jun 2003 | Posts: 4
Emergency measures
I have a Linux box installed. Say my system is being hacked; what emergency measures am I supposed to take in such a situation?
06-02-2003, 05:06 AM #11
LQ Guru | Registered: Apr 2002 | Location: Atlanta | Distribution: Gentoo | Posts: 1,280
Unplug it from the internet. That is a serious answer, by the way. This way the attacker won't have access and cannot further adulterate your machine. That's step 1. Somebody else will have to fill in steps 2 through whatever, because after that I'd just back up what I can and reformat, just in case there were any backdoors installed.
06-02-2003, 06:33 AM #12
Moderator | Registered: May 2001 | Posts: 29,415
g_arun22: your last question does not clear up anything you asked in your original question: "What are the plans to secure a corporate system during an emergency?".
Please be more verbose about what the purpose and settings for the box are (like "corporate intranet server", "SOHO mailserver"), whether this is a corporate box, whether they have a security policy, and what kind of emergencies you are pointing at (if you have any idea); else you risk getting answers that do not apply to the situation you have in mind, are incomplete, or are even detrimental to the business process.
Robert0380: you have no details about what emergency he's on about, you do not know the settings the system operates in, and yet you say unplugging the system is step #1. Can I take it then, since you failed to provide consecutive steps, that you are guessing? I mean "because after that I'd just back up what I can, (..)" definitely is NOT the next step I'd take if there's a rootkit on the box or if the box is under DoS attack. So please clarify if you will.
//note: you should *not* view this as a personal attack, but as moderator it is my task to make sure the information we provide is clear, truthful and useful. Maybe you have new insights, and since I don't pretend to know everything, learning is the only way to go...
06-02-2003, 12:55 PM #13
Member | Registered: May 2003 | Location: Estonia | Distribution: Slackware 9.1 | Posts: 61
EDIT:
OK then. It depends on what kind of services you are running. If you can allow yourself some downtime, bring the system down into single-user mode (runlevel 1), as shown above. Some distributions don't have telinit; then it's "init 1" or something like that. After this, what I would do is chown/chmod all my more important directories recursively to make sure they have the proper permissions, check your default runlevel initialisation directory (i.e. /etc/rc.d/rc.3) to make sure that there is nothing there that shouldn't be, change root's password, and then switch back to the runlevel needed (# telinit 3, for example). After that use the commands who, top and netstat to keep your eye on it for a little while. It's very much possible that everything remains still.
Of course, this is if you're perfectly sure that there is nothing you can do to improve your security. If there is, then of course install patches, reconfigure your iptables, stop running the services you don't need, etc.
Last edited by v2lk; 06-02-2003 at 05:55 PM.
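The two checks v2lk describes in the post above (look through the runlevel directory for entries that should not be there, then keep an eye on who/top/netstat) are easier to trust when they compare against a recorded known-good state instead of memory. The script below is an added example written for this page; it is not code from v2lk or from anyone else in the thread. It assumes a POSIX shell with find, sha256sum, cut, awk and grep (GNU coreutils or busybox), that the baseline manifest was taken while the box was clean and is stored somewhere the box cannot rewrite, and that the socket listing is in "netstat -tlnp" layout. The rc.3 directory contents, the port allowlist and the netstat lines in the two demo functions are constructed sample data, not output from any real system.

```shell
#!/bin/sh
# Added example for this thread, not code from any poster.
# Two repeatable checks for a box you suspect has been tampered with:
#   1. compare an init/runlevel directory against a known-good manifest
#   2. flag LISTEN sockets whose port is not on an allowlist
# Assumes POSIX sh plus find, sha256sum, cut, awk, grep (coreutils or busybox).

# baseline_dir DIR MANIFEST
# Write "sha256  path" for every regular file under DIR. Take it while the box
# is clean and keep it off the box (removable media or another host).
baseline_dir() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r _f; do
        sha256sum "$_f"
    done > "$2"
}

# check_dir DIR MANIFEST
# Print MISSING/CHANGED for manifest entries and NEW for files the manifest
# does not know about. Returns 1 if anything was printed, 0 if clean.
# Hashes come from the box's own sha256sum: if you suspect a rootkit, run
# this from a rescue medium rather than the live system.
check_dir() {
    _findings=$(
        while read -r _sum _path; do
            if [ ! -f "$_path" ]; then
                printf 'MISSING %s\n' "$_path"
            elif [ "$(sha256sum "$_path" | cut -c1-64)" != "$_sum" ]; then
                printf 'CHANGED %s\n' "$_path"
            fi
        done < "$2"
        find "$1" -type f | LC_ALL=C sort | while IFS= read -r _f; do
            # sha256sum lines are 64 hex chars, two spaces, then the path
            cut -c67- "$2" | grep -qxF -- "$_f" || printf 'NEW %s\n' "$_f"
        done
    )
    if [ -n "$_findings" ]; then
        printf '%s\n' "$_findings"
        return 1
    fi
    return 0
}

# check_listeners NETSTAT_FILE ALLOWED_PORTS
# NETSTAT_FILE holds "netstat -tlnp" output; ALLOWED_PORTS is comma separated.
# Prints each LISTEN line whose local port is not allowed; returns 1 if any.
check_listeners() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)      # drop the address, keep the port
            if (!(port in ok)) { print "UNEXPECTED " $0; bad++ }
        }
        END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed demo: a fake rc.3 directory baselined while clean, then one
# script tampered with and one unexpected script dropped in.
demo_init_check() {
    _d=$(mktemp -d) || return 2
    mkdir "$_d/rc.3"
    printf '#!/bin/sh\nstart sshd\n'  > "$_d/rc.3/S50sshd"
    printf '#!/bin/sh\nstart httpd\n' > "$_d/rc.3/S80httpd"
    baseline_dir "$_d/rc.3" "$_d/manifest"
    printf '#!/bin/sh\nstart httpd\nstart something-else\n' > "$_d/rc.3/S80httpd"
    printf '#!/bin/sh\necho not in the baseline\n' > "$_d/rc.3/S99update"
    if check_dir "$_d/rc.3" "$_d/manifest"; then _rc=0; else _rc=1; fi
    rm -rf "$_d"
    return $_rc
}

# Constructed demo: netstat -tlnp style listing where sshd and httpd are
# expected and a third listener with no owning program name is not.
demo_listener_check() {
    _f=$(mktemp) || return 2
    cat > "$_f" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      512/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      640/httpd
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN      -
EOF
    if check_listeners "$_f" "22,80"; then _rc=0; else _rc=1; fi
    rm -f "$_f"
    return $_rc
}

if demo_init_check; then echo "init directory matches baseline"; else echo "init directory differs from baseline"; fi
if demo_listener_check; then echo "no unexpected listeners"; else echo "unexpected listener present"; fi
```

In use: run baseline_dir against the real directory (for example /etc/rc.d/rc.3) while the system is known-good and write the manifest to removable media; during an incident run check_dir against that manifest, save "netstat -tlnp" output to a file and run check_listeners on it with the ports you expect. Two caveats that follow from the moderator's rootkit remark: a kernel-level rootkit can make the box's own find, sha256sum and netstat lie, so run them from a rescue medium or compare against a port scan taken from another host; and a clean init directory says nothing about a process already running from memory, which is why the who/top/netstat watch still matters.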
06-02-2003, 05:28 PM #14
Moderator | Registered: May 2001 | Posts: 29,415
v2lk, please elaborate on what you meant with your reply.
Personally, and acting as moderator, I do not care for "drive-by" type replies like these without proper explanation.
06-03-2003, 04:10 AM #15
Moderator | Registered: Mar 2003 | Location: Scotland | Distribution: Slackware, RedHat, Debian | Posts: 12,047
Quote:
Originally posted by v2lk
EDIT:
OK then. It depends on what kind of services you are running. If you can allow yourself some downtime, bring the system down into single-user mode (runlevel 1), as shown above. Some distributions don't have telinit; then it's "init 1" or something like that. After this, what I would do is chown/chmod all my more important directories recursively to make sure they have the proper permissions, check your default runlevel initialisation directory (i.e. /etc/rc.d/rc.3) to make sure that there is nothing there that shouldn't be, change root's password, and then switch back to the runlevel needed (# telinit 3, for example). After that use the commands who, top and netstat to keep your eye on it for a little while. It's very much possible that everything remains still.
Of course, this is if you're perfectly sure that there is nothing you can do to improve your security. If there is, then of course install patches, reconfigure your iptables, stop running the services you don't need, etc.
Like I said in post 2: if the problem is serious, then shut the system down completely and recover your data from another system.
If you are infected by a virus then single-user mode may not be enough.