
Re: [cobalt-users] Installing SSH2, IPChains, Portsentry, Logcheck, Tripwire, Chkrootkit, Lionfind, Whois, lcap and more



Carrie,

Do you paint your credit card number on your garage door? :)
(Ref.... tv commercial)

Ok.... you have to watch where you get your bins/rpms ... and make sure you
get the fresh new stable stuff...  Many of the things here are very
misleading and will lull the user into several problems and security
holes....  and it's not a good idea to post/make a webpage that is visible
to the world...

For example.... you pissed off some isp a little while back and had a
"problem" right after that....   well you just told them what you have so if
they (or somebody else) launches an attack they will already know what you
have and what they have to do.  and you're not doing enough....

I would be glad to help you more with this but I really don't want a report
or guide to use in hacking a cobalt user list server....

Anyway the nice teacher in me to the nice girl with the "big honker"....
I'll give you a D-   ...   See below.... :)

> Get SSH2:
> #wget ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/rpm/RH62/openssh-2.5.2p2-1.i386.rpm

-4 (was 5)
you just gave your hacker a client

> If it works, add the SSH to the startup files:
> # pico /etc/rc.d/rc.local
> At the end put:
> ***from line below****
> #Start the SSH2 Server:
> /etc/rc.d/init.d/sshd start
> fi
> ***to line above***
> Save changes and exit.

-5
Messy way to do it... and you shouldn't count on it....
did you chkconfig?

> change it to something like :
>
> Port 52
> Protocol 2

-5
Misleading

> Locate the start script in /etc/rc.d/rc3.d
> and type something like ./S55sshd restart

-5
Misleading

>
> To get Webalizer to run before logrotate, rename it:
> # mv /etc/cron.daily/webalizer.pl /etc/cron.daily/awebalizer.pl

-15
Misleading
outdated software
This isn't the best solution even if it was mine....
(still doesn't work)

> To get it to leave statistics on heavy-traffic sites, go into
> /etc/webalizer.conf and set Incremental to 'yes'.

-5
Misleading

> Restarting inetd after dropping some new entries into hosts.deny:
> # /usr/sbin/inetd restart

-5
Misleading

> ftp://rpmfind.net/linux/redhat/6.2/en/os/i386/RedHat/RPMS/ipchains-1.3.9-5.i386.rpm

-10
Who made this rpm for you? (The guy in france?)
What files did it install.....   oh that virus one.....

> # mv ipchains-1.3* ipchains-1.3.rpm
> # rpm -i ipchains-1.3.rpm

-5
Misleading

> IPChains is now installed. The startup script is in /etc/rc.d/init.d
> as ipchains
> or
> # service ipchains start

-5
Incorrect startup

ipchains

> # make clean (my raq grumbled at me with this)
> # make (some notes, more grumbling)

Not quite sure what problem you were having

(portsentry)
> (Dunno why, but I had to get the 'portsentry' file from old machine
> via ftp and drop it in this directory for install to work)

-15
no make
no/bad config
Misleading

> LogCheck:

-10
No Config

>
> # pico /root/crontab
> add this line:
> 01,16,31,45 * * * * /usr/local/etc/logcheck.sh
> That fires it off every 15 minutes. Adjust to your tastes.
> This line runs it once a night, at 1:01am:
> 1 1 * * *       /usr/local/etc/logcheck.sh
> If you don't have a file there yet, pico will make a new one. Tell
> crontab to pay attention to it like so:

-10
dangerous
unnecessary

Well, that's enough ... I have to get back to what I'm supposed to be doing....

Zeffie
http://www.zeffie.com/
"Yes I'm working on your server now"