Server hacked, Desperate for help with FC6
Grant M.
grant at neonedge.com
Sat Nov 25 08:54:41 EST 2006
Is there any reason for FC6, or was it just a matter of selecting a distro?
I recently tried the new Ubuntu Enterprise, and I can't say I hate it
for a server. I definitely like the fact that it doesn't install
anything to speak of, which leaves all of those unknown attack vectors
out in the cold, as well as being able to run it on minimal hardware
without going to the trouble of turning off lots of stuff. It does
require you to take into account the fact that you then need to install
what you need, however apt-get is fairly simple to use (it's debian-based).
I have tried RHEL3 & 4, RedHat Pro Desktop, Suse Desktop 9, Ubuntu
Desktop & Ubuntu Enterprise, Fedora Core 4 & 5, SlackWare (9 maybe?),
and YellowDog. So far I like Suse best for a Desktop (with both Gnome &
KDE installed, but KDE as the desktop), and Ubuntu Enterprise as a Server.
The RHEL3 boxes I've used are always being attacked, and several times
hacked. It just takes way too much energy to keep up with all of the
possibilities for exploits on those things.
The RedHat Desktop would regularly crash or freeze.
The Suse 9 Desktop I am still using at work. No problems to speak of.
The Ubuntu Enterprise server we're using was compromised on a
non-priviledged account once, but there isn't anything installed that
the user could use, so no worries. It only runs Bind9 & HTTP, so it
can't be used for mail, and I only had to address configuring those two
services for security purpoase. That inevitably saves alot of worry.
I've also added the attached snippet to the end of my /etc/profiles on
those machines, only allowing logins from a single internal machine to
my Linux boxen (the .24 machine runs IRIX ;-) . I then run a cron every
minute that looks for the 'login' file, and if found emails the
hmail.txt file (by piping it into sendmail -t). It's not foolproof (you
could just type Ctrl-C if you're smart enough), but it definitely helps
some.
I hope that helps,
Grant M.
--
------------
Grant M.
NeonEdge...Web Pages by Design
http://www.neonedge.com/
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: prof_snip.sh
URL: <http://lists.blu.org/pipermail/discuss/attachments/20061125/496239eb/attachment.ksh>
More information about the Discuss
mailing list