LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-28-2007, 07:17 PM   #1
Whitestar
Member
 
Registered: Jan 2007
Distribution: Ubuntu CE Jaunty
Posts: 52

Rep: Reputation: 15
Why such a cracker box?


Okay. I know Red Hat 9 is very old and I'm looking to upgrade. But why is my puter such a cracker box? I have to do reinstalls to get things back to normal. I have a router w firewall, there's a firewall with the distro...no avail. Are these tools useful somehow? Mere psychological comfort? What do these do?

I've done quite a bit of reading, but what the information I've yet to acquire is, how does this individual so repeatedly manage to get in? How do I stop it?

(I'm a newbie who basically knows what a mouse does, plus I have spots of beta I've gleaned from selective reading on specific problems. But I lack an overall understanding of how this problem is occuring, and how to deal with this problem once and for all. I thought Linux was supposed to take care of that-feel free to laugh; I won't be offended-but all it's done is make help less acessible. Until I stumbled onto this wonderful community! )
 
Old 01-28-2007, 07:39 PM   #2
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,290

Rep: Reputation: 378Reputation: 378Reputation: 378Reputation: 378
Probably you're leaving some vulnerable service exposed to the Internet. If you're running an unpatched Red hat 9 there are many such things installed, and you are probably running one. Another possibility is weak passwords if you are allowing remote SSH logins (I think this is set up out of the box on RH9). Also, once an attacker gains root access there is little you can do but learn how he got in, reformat, and reinstall, closing the hole in the reinstalled system before connecting it to a network.

Here's the best way to avoid having your system cracked:

1) Run an up to date distribution that has security fixes issued for it. Red Hat 9 is no longersupported, even by the Fedora legacy project, so vulnerabilities will probably go unpatched. Time to ditch it. If you like the "Red Hat" way then Fedora Core 6 is a free download.

2) Keep your system up to date with the latest patches. This can easily be done with yum on Fedora Core systems.

3) Use a firewall and make sure no services are exposed on the Internet. Take the time to learn how to configure the firewall and shut down everything attempting to make an unsolicited connection. Likewise, make sure that there are no servers running that you don't want to be (a firewall would block access anyway if configured properly, but defense in depth is a good thing).

4) Use strong passwords for accounts (8+ characters as a mix of upper case, lower case, numbers, and symbols -- do not base your passwords on real-life words).

5) Monitor your system's logs for any sign of suspicious behavior.

For details on how to do all of these things, read the stickied thread at the top of the forum, containing advice and links from the experts.
 
Old 01-28-2007, 08:55 PM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
The biggest problem you have is that older versions of RH have a lot of services enabled out of the box and no firewall (IIRC). Since you're a newbie, it would be very difficult to figure out how to go around and lock down all those services, or write an iptables firewall to block them (which might be subject to bypass any way since the kernel is very old and IIRC has iptables vulnerabilities).

By far the simplest thing for you to do would be to download a newer distribution (that has firewall enabled by default and most services turned off) and go from there. Trying to learn security on a fundamentally insecure platform is going to be frustrating. There are some old pros out there who could lock down a RH 9 box and make it secure, but if you don't know how to do that already it's just going to be frustrating to try.

Do whatever you have to in order to download a newer distro (such as Fedora) and burn it to CD so you can install. If you have to borrow a friend's computer, or go to the library and user their computers, or whatever it takes, it will be worth it.

Click here to download CD images
I'd recommend one of the following:
Fedora Core
Ubuntu
openSuSE

Last edited by chort; 01-28-2007 at 08:58 PM.
 
Old 01-29-2007, 10:51 PM   #4
Whitestar
Member
 
Registered: Jan 2007
Distribution: Ubuntu CE Jaunty
Posts: 52

Original Poster
Rep: Reputation: 15
Thank you both for your excellent advice. I'm taking your suggestion and getting a more up-to-date OS: Ubuntu, a distro based on the brand new one. I will also implement your instructions on greater security.

Sad to say, a couple of years ago I was still using Mandrake 8.0! 8.0, for crying out loud. But now I'm getting serious about using the puter and I want to know everything I can about Linux.

Thanks again!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Zip Passwd Cracker for Linux biker10 Linux - General 3 02-23-2006 07:04 PM
FAKE APT-GET OR YUM resources ???cracker spoof stick ? my-unix-dream Linux - Newbie 2 05-14-2005 12:04 PM
Which distro of UNIX/LINUX is the most secure and cracker,virus free ?? pleasehelpme Linux - Newbie 3 05-08-2005 11:25 AM
need a zipfile password cracker irishmage Linux - Software 1 04-08-2004 09:33 AM
Have you cracker WEP? robson8112 Linux - Wireless Networking 3 01-05-2004 03:15 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:23 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration