[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
- Subject: RE: [cobalt-users] IMPORTANT - POSSIBLE HACKS WITH PATCHES!!
- From: Rodolfo Paiz <rpaiz@xxxxxxxxxxxxxx>
- Date: Sat Feb 17 23:11:17 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> I'm not sure, but knowing that all the patches/updates along
> with the other security precautions I installed, were all put
> on that box as soon as it came up... BIND patch and other
> Cobalt plugs were put on *before* the box came live... So I
> really need to figure out "HOW" or "WHO" placed that line
> in inetd.conf... I've looked over bash history and everything
> looks clean... Hell it's not that large, the box has only been
> up for 48 hours..
.bash_history can be altered.
But more to the point, double-check, triple-check, and then test your
security measures as well. Actively *try* to portscan your box; then try
to hack it; then try anything you can. Use SATAN, SAINT, and other
security-related tools.
Don't assume that because you installed the firewall, that this is
enough. The configuration of that firewall is a critical variable and
you may have missed a hole. I don't actually mean to imply that you
have... I'm sure you've done a proper job, but just always remember this
is like the SAT before college... go back and CHECK YOUR WORK.
Just trying to make sure you don't acquire a false sense of security,
even if you've probably done things right.
As I've said before, just because I'm paranoid doesn't mean they're not
out to get me.
--
Rodolfo J. Paiz
rpaiz@xxxxxxxxxxxxxx <mailto:rpaiz@xxxxxxxxxxxxxx>