RE: [Nolug] SSH Key Question

From: Brett D. Estrade <estrabd_at_yahoo.com>
Date: Thu, 28 Aug 2003 10:11:55 -0700 (PDT)
Message-ID: <20030828171155.65023.qmail@web41509.mail.yahoo.com>

This is what I do:

  1. Install FreeBSD
  
  You are done.

Sorry, that is not even accurate, but I had to ;)

Brett :)

--- Dustin Puryear <dpuryear@usa.net> wrote:
> Here is what I do.
>
> 1. Install new system.
> 2. Bring up firewall completely.
> 3. Plug into network.
> 4. Run up2date.
> 5. Bring down and uninstall all unnecessary applications and services.
> 6. Setup log checking.
> 7. Setup AIDE or Tripwire.
> 8. Reduce firewall level to what is needed.
>
> You are done.
>
>
> At 11:35 AM 8/28/2003 -0500, you wrote:
>
> >It's up to date with the latest from RH.
> >I think the plan is build another box and migrate the functions to the new
> >box. Before I connect it to the network I'll have TW or something else
> >running so I can watch it a little more closely this time. It's just a lot
> >of work I didn't want to do right now. Maybe next week :)
> >
> >-----Original Message-----
> >From: Scott Harney [mailto:scotth@scottharney.com]
> >Sent: Thursday, August 28, 2003 11:12 AM
> >To: nolug@joeykelly.net
> >Subject: Re: [Nolug] SSH Key Question
> >
> >"Wimprine, Thomas" <twimprine@stei.com> writes:
> >
> >oh. and tw won't do you any good if you're already hacked. Don't trust
> >chkrootkit. check your sendmail version and redhat's security alerts
> >and make sure you haven't been running any known exposed vulnerabilities.
> >
> >
> > > This is the only 'suspicious' thing it found. A lot looks like what I just
> > > installed for graphdefang.
> > >
> > > I think I'm going to spend the rest of the day installing and configuring
> > > tripwire. FUN FUN FUN!!!
> > >
> > >
> > > Searching for suspicious files and dirs, it may take a while...
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Digest/MD5/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/File/Spec/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Storable/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Time/HiRes/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/CPAN/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/Net/.packlist
> > > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/auto/DB_File/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/IO-stringy/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/MIME/Base64/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/MIME/Lite/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/Audit/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Mail/SpamAssassin/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/MIME-tools/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Digest/SHA1/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Net/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Net/Telnet/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/HTML/Tagset/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/HTML/Parser/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/razor-agents-sdk/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/razor-agents/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Archive/Tar/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Term/ReadKey/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Term/ReadLine/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Unix/Syslog/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/File/ReadBackwards/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/CPAN/WAIT/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/TimeDate/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/MLDBM/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/GD/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/GD/Text/.packlist
> > > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/GD/Graph/.packlist
> > > /usr/lib/qt-3.0.5/etc/settings/.qtrc.lock
> > > /usr/lib/qt-3.0.5/etc/settings/.qt_plugins_3.0rc.lock
> > > /usr/lib/qt-3.0.5/etc/settings/.kstylerc.lock
> > > /usr/lib/openoffice/share/gnome/net/.directory
> > > /usr/lib/openoffice/share/gnome/net/.order
> > > /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.directory
> > > /usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.order
> > >
> > > -----Original Message-----
> > > From: Wimprine, Thomas [mailto:twimprine@stei.com]
> > > Sent: Thursday, August 28, 2003 10:20 AM
> > > To: 'nolug@joeykelly.net'
> > > Subject: RE: [Nolug] SSH Key Question
> > >
> > > Sendmail with mimedefang, spamassassin, and AV. Then it relays it to my
> > > exchange box.
> > >
> > > I'm downloading the kit right now
> > >
> > > -----Original Message-----
> > > From: Scott Harney [mailto:scotth@scottharney.com]
> > > Sent: Thursday, August 28, 2003 10:16 AM
> > > To: nolug@joeykelly.net
> > > Subject: Re: [Nolug] SSH Key Question
> > >
> > > "Wimprine, Thomas" <twimprine@stei.com> writes:
> > >
> > >> Both systems are at work and the one I'm trying to get to is my email
> > >> gateway. It's a RH8 box but I haven't performed any updates recently. It's
> > >> behind the corp firewall and the only thing open to the outside is port 25.
> > >> The system I'm sshing (is that really a verb?) from is a W2K box running
> > >> putty.
> > >> It's the system key also not my user keys. I'm getting the message before I
> > >> login to the system.
> > >
> > > hmm. you might want to try chkrootkit as joey recommended. What smtp
> > > software version are you running on port 25?
> > >
> > >
> > > --
> > > Scott Harney<scotth@scottharney.com>
> > > "...and one script to rule them all."
> > > gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
> > > ___________________
> > > Nolug mailing list
> > > nolug@nolug.org
> > >
> >
> >--
> >Scott Harney<scotth@scottharney.com>
> >"...and one script to rule them all."
> >gpg key fingerprint=7125 0BD3 8EC4 08D7 321D CEE9 F024 7DA6 0BC7 94E5
> >___________________
> >Nolug mailing list
> >nolug@nolug.org
>
>
> ---
> Dustin Puryear <dustin@puryear-it.com>
> Puryear Information Technology, LLC <http://www.puryear-it.com>
> Providing expertise in the management, integration, and
> security of Windows and UNIX systems, networks, and applications.
>
> ___________________
> Nolug mailing list
> nolug@nolug.org

=====
http://www.brettsbsd.net/~estrabd

___________________
Nolug mailing list
nolug@nolug.org
Received on 08/28/03
