OT: Printer/scanner suggestions.
Gaijin
gaijin at clearwire.net
Fri Oct 5 13:33:52 EDT 2007
"Doug Sutherland" <doug&proficio,ca> speculated:
> It should not be possible for files to be inaccessible by root.
> It is possible that you now have a rootkit installed.
Yeah, definitely a root-kit with filenames like "input.history" and
"catalog.events". chattr didn't work. I think most of the commands
have been compromised. The little bastage didn't re-write the ls
command very well, though. The files appear if you do an 'ls -a .*' to
display just the dot-files. Then a few dot and non-dot-files
appear...to normal and root users. It's a pretty neat hackk. I really
only had sendmail and fetchmail semi-configured, and a bunch of
symlinks to docs and HOWTO's. Oh, and commenting out half of
rc.profile. <grins> I'm not losing very much.
> > Don't leave ports open!
> Don't run services that you don't need.
> Create some detterants so they go somewhere else instead.
Had all that, except for the deterants. The firewall's closed, and
I'm only running sendmail. I have other services installed but
disabled, as they're not even configured yet. I was planning on
activating the whole shebang with a runlevel change. It's barely above
runlevel 1 at present. It's really no big deal. Helps me learn the
system.
I was wondering though. Do you know if it's possible to require
that both the executable and indestructible bits be set so a program
can run? I was thinking of password protecting the chattr command, or
re-writing it so that it could only be executed from localhost, and
locking everything down. You'd have a catch-22 scenario, if you
removed one of the bits from chattr, though. You couldn't change any
binaries or libraries remotely without access to chattr, nor upload
anything that can be made executable without chattr. <grins> I guess
admins who need full remote access won't like it, though. Nor would
anyone using a package manager, or needing to do any programming. I
guess there would have to be some kind of security toggle that only a
working chattr could disable.
Myself, I'd prefer laughing my hairy butt off at some jerk trying
to upload a virus or root-kit that he can't even run.
Michael
More information about the Speakup
mailing list