[cobalt-users] Thanks Jay and Tim, another question... Done it myself..
- Subject: [cobalt-users] Thanks Jay and Tim, another question... Done it myself..
- From: Charles Teton <info@xxxxxxxxxx>
- Date: Thu Jun 27 18:49:01 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
I decided to grab my balls and go ahead and learn heavily about my server...
Thanks to lots of help pages on the web, thanks especially to:
http://www.uk2raq.com/raqfaq/
http://www.raqhowto.com/index.html
http://pkgmaster.com/packages/raq/3/
And all the other great RaQ and help sites and forums...
I've now installed OpenSSH and Logcheck without any problems, disabled
telnet, which was always disabled, made my browser access by SSL and ftp via
SSH and read lots of security documents like:
http://www.linuxsecurity.com/docs/colsfaq.html
http://www.linuxsecurity.com/HOWTO/Security-HOWTO.html
http://www.w3.org/Security/Faq/www-security-faq.html
Still, I have 2 questions:
1) What is the best way to view some of my root 'access only' logs, of
course after the cu command... What is the command to download them to my
own computer?
And 2) I'm going to install Portsentry 1.1 after the apache cobalt update,
any suggestions on the best settings? I.e.
portsentry -tcp (basic port-bound TCP mode)
portsentry -udp (basic port-bound UDP mode)
portsentry -stcp (Stealth TCP scan detection)
portsentry -atcp (Advanced TCP stealth scan detection)
portsentry -sudp ("Stealth" UDP scan detection)
portsentry -audp (Advanced "Stealth" UDP scan detection)
It's amazing really, within 2 days of the server being turned on I had the
following log:
/scripts/..%255c%255c../winnt/system32/cmd.exe
/scripts/..%252f../winnt/system32/cmd.exe
/scripts/.%252e/.%252e/winnt/system32/cmd.exe
/scripts/..%255c../winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe
/scripts/root.exe
/cgi-bin/formmail.pl
from:
inetnum: 211.94.128.0 - 211.94.159.255
descr: China united telecommunications corporation BEIJING branch
descr: Customer of CNUNINET
person: Unicom China
address: 911 Room,Xin Tong Center,No.8 Beijing Railway Station
address: East Avenue, Beijing,PRC.
Charles Teton
United Independent Pictures Ltd.
Tel: + 44 (0) 77 8660 5026
http://www.makingmymovie.com
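
The request paths in the log above hide `..\` and `../` behind a second layer of percent-encoding (`%255c` decodes to `%5c`, then to `\`). The following Python is an added example, not part of the original post: it decodes each path until it stops changing and flags traversal, Windows-binary and formmail requests. The category names and the benign sample paths are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request paths quoted in the post above (from the poster's web server log).
PROBES = [
    "/scripts/..%255c%255c../winnt/system32/cmd.exe",
    "/scripts/..%252f../winnt/system32/cmd.exe",
    "/scripts/.%252e/.%252e/winnt/system32/cmd.exe",
    "/scripts/..%255c../winnt/system32/cmd.exe",
    "/d/winnt/system32/cmd.exe",
    "/scripts/root.exe",
    "/cgi-bin/formmail.pl",
]
# Constructed benign paths, used only to show they are not flagged.
BENIGN = ["/index.html", "/images/logo%20small.gif"]

WINDOWS_TARGET = re.compile(r"/(winnt/system32/cmd\.exe|root\.exe)$", re.I)

def fully_decode(path, max_rounds=5):
    """Percent-decode repeatedly until stable; return (decoded, rounds)."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds

def classify(path):
    """Return a sorted list of reasons a request path looks like a probe."""
    decoded, rounds = fully_decode(path)
    normalized = re.sub(r"[\\/]+", "/", decoded)  # treat '\' like '/'
    reasons = set()
    if rounds > 1:  # one round is normal (%20); two or more is evasion
        reasons.add("double-encoded")
    if "/../" in normalized or normalized.endswith("/.."):
        reasons.add("traversal")
    if WINDOWS_TARGET.search(normalized):
        reasons.add("windows-binary")
    if normalized.lower().endswith("/formmail.pl"):
        reasons.add("formmail-probe")
    return sorted(reasons)

if __name__ == "__main__":
    for p in PROBES + BENIGN:
        print(f"{p:50} {classify(p) or 'clean'}")
```
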