[NTLUG:Discuss] Security
MadHat
madhat at unspecific.com
Wed Sep 22 13:59:35 CDT 1999
"J. Reeves Hall" wrote:
>
> I just learned the hard way that passwords should be shadowed...
> I user I thought I could trust grabbed /etc/passwd, and successfully
> rooted... He changed the root password, but AFAIK he didn't do anything
> else.
> IF YOU HAVEN'T SHADOWED YOUR PASSWORDS, DO IT NOW!!! I don't know why
> Red Hat doesn't do that by default...
RH6 does...
> After this happened I downloaded a program called John The Ripper and
> fired it at my passwd file. It recovered 6 of the passwords in 30
> minutes. The root password is very difficult (no easily discernible
> pattern to the characters) but it seems they got it.
>
> My machine is neutron.uberhax0r.net. If anyone can offer any security
> suggestions, I'd be grateful. Just please don't crash the system or
> cause any damage if you do manage to get in.
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
111 filtered tcp sunrpc
137 filtered tcp netbios-ns
138 filtered tcp netbios-dgm
139 filtered tcp netbios-ssn
6000 open tcp X11
Use ssh instead of telnet (you can get it in RPM format from
http://www.replay.com), turn off the netbios and sunrpc stuff unless you
need it (for SMB or NFS)... use tcp_rappers for ftp. It looks like
anonomous ftp is still on, but didn't work anyway... you might want to
activate the firewall rules. Just ideas
>
> -Reeves
--
MadHat
More information about the Discuss
mailing list