
Re: [cobalt-users] Re: Hacked? Telnet gone, SSH gone, strange ports open



> Next step, am installing ipchains, tripwire, chkrootkit, findlion
> the works
> as per a nifty post to this list found here:
>
> http://list.cobalt.com/pipermail/cobalt-users/2001-April/042023.html

That's my post... and the only advice I can give on it is to check
around and make sure you've got the most recent versions of programs.
For example, the 'whois' download that I list isn't the most recent.
This is:
http://bw.org/whois/dist/whois-current.tar
Also, if you have any insight on IPChains, please post it to the list.
That's one thing that everyone keeps asking and no one seems to be
able to explain - how to set up the firewall when the "how to set up a
firewall" directions seem to make no sense.

> Following that I will need to replace su, ls, and some other
> utilities used to hide crackers
> Finally I am concerned about proftpd and qpopper.

Damn... more power to ya!!

> I am also getting vulnerabilities on bind, which is updated to 8.2.3
> but is still giving vulnerabilities from the older bind.  Should I go
> for broke and install 9?

Check it out thoroughly before you do. I was told that 9.1 runs okay
on a RaQ4, while 9.2 breaks the GUI.
I'm not quite ready to break the GUI (my clients still need it, but
not for long) so I didn't go up to 9.2.
But in general - go as high up as *you* can, that will give you the
most protection.

> One final question, what are the default permissions for the log
> files on var, I have some strange reading on those too.

Mailed to you off-list.

CarrieB