Hacked - FreeBSD 7.1-Release

Sean Hulbert shulbert at toolwire.com
Wed Dec 23 00:22:01 UTC 2009


Hello

This is my 6-step checklist to bulletproof any Unix box and render it unhackable by remote access.

1. Jail all services that will touch the open internet
2. Enable file and directory security such as using Tripwire or your distro file integrity program
3. Disable any non used services
4. Set IPchains to allow access to only the services you want the outside to access.
5. Off load your system logs to a NFS mount
6. Set a pass phrase for the password. 

*7. Make sure the computer you are using to access the Unix system is secure and does not have any key-logging Trojans on it, or "all is for naught."

Thank You
Sean Hulbert
Miraculum Laborat

Network Systems Specialist

www.toolwire.com
 
CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication.
 
Therefore, let him who desires peace prepare for war!!!
 
Epitoma Rei Militaris
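Step 2 of the list above (a file-integrity baseline) is easy to prototype without Tripwire. The following POSIX sh script is an added example, not code from the thread or from any FreeBSD tool; the function names are hypothetical, and it assumes either sha256sum (GNU) or sha256 (FreeBSD) is installed.

```shell
#!/bin/sh
# Added example (not from the thread): minimal file-integrity baseline and
# drift check in POSIX sh.  Records sha256, mode and owner per regular file,
# tab-separated so paths containing spaces survive.  Hypothetical names.

# Hash one file with whichever tool the system provides.
fim_hash() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"            # FreeBSD base system
    fi
}

# fim_snapshot DIR: print "hash<TAB>mode owner<TAB>path" for every regular
# file under DIR, sorted by path.  Redirect this to a baseline file and keep
# that file off the host (read-only media, or the remote log host of step 5),
# otherwise an intruder with root can simply regenerate it.
fim_snapshot() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        # GNU stat first, BSD stat as the fallback
        meta=$(stat -c '%a %U' "$f" 2>/dev/null || stat -f '%Lp %Su' "$f")
        printf '%s\t%s\t%s\n' "$(fim_hash "$f")" "$meta" "$f"
    done
}

# fim_check BASELINE DIR: print ADDED / REMOVED / MODIFIED paths relative to
# the baseline.  Exit 1 when anything drifted, 0 when clean, 2 on a missing
# or empty baseline, so a cron job can alert on a non-zero status.
fim_check() {
    [ -s "$1" ] || { echo "fim_check: baseline $1 missing or empty" >&2; return 2; }
    now=$(mktemp "${TMPDIR:-/tmp}/fim.XXXXXX")
    fim_snapshot "$2" > "$now"
    report=$(awk -F'\t' '
        NR == FNR { old[$3] = $1 "\t" $2; next }          # baseline file
        {
            seen[$3] = 1
            if (!($3 in old))                print "ADDED " $3
            else if (old[$3] != $1 "\t" $2)  print "MODIFIED " $3
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$now")
    rm -f "$now"
    [ -n "$report" ] && printf '%s\n' "$report"
    [ -z "$report" ]
}
```

A mode or owner change is reported as MODIFIED just like a content change, since the metadata is part of each baseline record.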


-----Original Message-----
From: owner-freebsd-stable at freebsd.org [mailto:owner-freebsd-stable at freebsd.org] On Behalf Of Andresen, Jason R.
Sent: Tuesday, December 22, 2009 8:36 AM
To: FreeBSD-STABLE Mailing List
Subject: RE: Hacked - FreeBSD 7.1-Release

Squirrel wrote:
>Most likely it could be some kind of remote code execution or SQLi 
>executed in the context of some PHP scripts; you should audit the PHP code 
>of your web interface and of the websites you host.
>Also consider the strength of your passwords: lots of login attempts to 
>ssh/ftp may mean he has tried a brute force (or a dictionary attack 
>maybe). You should also check the webmin logs; there are a few bruteforcers 
>for webmin out there. (*hint*) Consider the length of your average 
>password: if it's more than 7-8 characters, alphanumeric with symbols, 
>most likely this isn't the case.

While it's true that it's a good idea to check your password strength, pretty much any host connected to the internet is going to be hit daily by bots looking for weak passwords.  It's one area where your logs don't help much because there is too much noise.

