On Sun, 15 Jun 2003 at 04:13:19AM -0500, eyem wrote:
> paranoid I now am!!
>
> I always found the concept of script kiddies amusing ... but if I ever found
> this guy I'd wring his neck. Is there any way I can track him down ? (I have
> already backed up some stuff and wiped my hard drive)

You can try, but do you trust logs of a cracked system? If you had an uncompromised syslog server it would be more reliable b/c they can INSERT bogus logs but not delete/modify any logs...

> After following the debian "how to secure your system" instructions, I would
> like to go a step further and install snort or something. Is that going too
> far? ... is snort the relevant thing ?

Snort in stable is old. You may wish to compile the one in unstable and use that one or download it from snort.org.

Here are a few keys to security:

1. Watch bug track. If a new vuln is discovered in a service you are running then shut it off or block it at some network border.

2. When a DSA comes out, apt-get update and apt-get upgrade EVERY machine. You may wish to put this in your cron.daily or in a crontab:

   @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q upgrade

3. Don't send passwords in the clear, ever.

4. Firewall your machine/network or both.

-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #132: Bugs in the RAID
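An added example, not part of the mail above, of the check the remote-syslog advice makes possible: the copy on an uncompromised syslog server can only gain bogus lines, so lines the server holds but the cracked host's local log lacks were deleted locally, and lines only the local file holds were either inserted later or never forwarded. The log lines are constructed sample data.

```python
"""Compare a local syslog from a possibly cracked host with the copy held
by a separate, uncompromised syslog server (constructed sample data)."""
from collections import Counter

# Constructed: what the remote syslog server received before the wipe.
REMOTE_LOG = """\
Jun 15 03:58:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 15 03:58:04 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 15 03:58:09 host sshd[1203]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Jun 15 03:59:20 host su[1250]: (to nobody) root on pts/1
"""

# Constructed: the local /var/log/auth.log as found on the cracked host.
LOCAL_LOG = """\
Jun 15 03:58:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jun 15 03:59:20 host su[1250]: (to nobody) root on pts/1
Jun 15 04:00:00 host CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_log(text):
    """Count each non-empty line; duplicates are kept as counts so a
    repeated entry that was trimmed down to one copy still shows up."""
    return Counter(line for line in text.splitlines() if line.strip())


def compare_logs(local_text, remote_text):
    """Return lines missing locally (deleted on the cracked host) and
    lines present only locally (inserted later, or never forwarded)."""
    local, remote = parse_log(local_text), parse_log(remote_text)
    # Counter subtraction keeps only positive differences.
    deleted_locally = sorted((remote - local).elements())
    local_only = sorted((local - remote).elements())
    return {"deleted_locally": deleted_locally, "local_only": local_only}


if __name__ == "__main__":
    result = compare_logs(LOCAL_LOG, REMOTE_LOG)
    for label, lines in result.items():
        print(f"{label}: {len(lines)} line(s)")
        for line in lines:
            print("   ", line)
```

In the sample the successful root login and one failed attempt exist only on the remote server, which is exactly the evidence an intruder would remove from the local file.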