Should I change my password?

My root password is a small word. I don't know if this makes any
difference or is appropriate but when I type in the command "users", it
will list the same user 3 to 7 times. Other weird stuff has happened
like my clock changing to way different times. Also there is a user rpc
pointing to /sbin/portmap and a user 1000 which I did not create.

If I have been cracked into I would never know probably. Also the reason
why I am bringing this to your attention is because I am backing up some
sensitive code with encryption to yahoo.com and hotmail.com email
accounts. I have dialup and I can email up to 10MB.

I have a separate gateway/firewall (in.thesame.net) but I forgot the
user name and password. It was setup with openna.com security procedures
about four years ago. Also I am thinking that security is a waste of
time but I would like to back up my sensitive code in a secure fashion.

Yours,
JAson
--
HTTP://HEBLACK.BIZ
--
gentoo-security@gentoo.org mailing list
Re: Should I change my password?
If you have a doubt that your server has been compromised, not only
should you change your password, but you should reinstall the server from
scratch and known good backups.

> My root password is a small word.


Not a good thing... make it a long password with different characters (alpha
numeric + special characters).

--
Ghislain Bourgeois
---
Linux System administrator
Re: Should I change my password?
How can you possibly think that security is a waste of time? Is this a
cynical statement along the lines of "I cannot expect to stop a
determined attacker anyways", or a statement along the lines of "nobody
would ever attack me anyways"? If the latter, please erase that thought
from your mind and proceed as if you'd never considered it. The vast
majority of those attacked never expected to be, and they are often the
victim of script kiddies and other automated attack vectors that just go
for whatever victims are available.

Regards,

Richard M. Conlan

J.A. wrote:
> Should I change my password?
>
> My root password is a small word. I don't know if this makes any
> difference or is appropriate but when I type in the command "users", it
> will list the same user 3 to 7 times. Other weird stuff has happened
> like my clock changing to way different times. Also there is a user rpc
> pointing to /sbin/portmap and a user 1000 which I did not create.
>
> If I have been cracked into I would never know probably. Also the reason
> why I am bringing this to your attention is because I am backing up some
> sensitive code with encryption to yahoo.com and hotmail.com email
> accounts. I have dialup and I can email up to 10MB.
>
> I have a separate gateway/firewall (in.thesame.net) but I forgot the
> user name and password. It was setup with openna.com security procedures
> about four years ago. Also I am thinking that security is a waste of
> time but I would like to back up my sensitive code in a secure fashion.
>
> Yours,
> JAson
Re: Should I change my password?
On 9/30/05, J.A. <HEBLACK@ispmonsters.com> wrote:
> Should I change my password?
>
> My root password is a small word. I don't know if this makes any
> difference or is appropriate but when I type in the command "users", it
> will list the same user 3 to 7 times. Other weird stuff has happened
> like my clock changing to way different times. Also there is a user rpc
> pointing to /sbin/portmap and a user 1000 which I did not create.
>
> If I have been cracked into I would never know probably. Also the reason
> why I am bringing this to your attention is because I am backing up some
> sensitive code with encryption to yahoo.com and hotmail.com email
> accounts. I have dialup and I can email up to 10MB.
>
> I have a separate gateway/firewall (in.thesame.net) but I forgot the
> user name and password. It was setup with openna.com security procedures
> about four years ago. Also I am thinking that security is a waste of
> time but I would like to back up my sensitive code in a secure fashion.

Boy does this smack of troll-ism. I'll give you the benefit of the doubt.

1. Yes - change your password.
2. Like Ghislain said, if in doubt, reinstall.
3. Never ever allow root logins through ssh. Configure and use sudo
and only su to root from your everyday user when necessary.
4. Get a real backup solution - emailing to free email accounts is
asking for disaster.

It's clear that you're a little naive with regards to how a linux box
should be properly administered. Take some time and read up on linux
security, networking, and intrusion detection.

Re: Should I change my password?
J.A. wrote:
>Should I change my password?
>My root password is a small word.

Use Diceware, http://www.diceware.com. That way you can get entire and
mostly 'random' passphrases that in my experience are easier to
remember than passwords.


--
Barry.SCHWARTZ@chemoelectric.org http://www.chemoelectric.org
Esperantists may write to Bojo at chemoelectric.org.
'Democracies don't war; democracies are peaceful countries.' - Bush
(http://www.whitehouse.gov/news/releases/2005/12/20051219-2.html)
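Added example, not part of the original post: a sketch of the Diceware procedure (five dice rolls select one of 7776 words) with the dice replaced by the OS CSPRNG, plus the entropy arithmetic that lets it be compared with the 8-character alphanumeric passwords suggested elsewhere in this thread. The "KEY word" file layout is an assumption about the list you download, and the stand-in list used to run the code offline is constructed.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                  # Diceware: five dice rolls select one word
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 entries, keyed 11111 .. 66666


def key_to_index(key):
    """Map a dice key such as '41356' to its 0-based position in the list."""
    if len(key) != DICE_PER_WORD or any(c not in "123456" for c in key):
        raise ValueError("not a valid dice key: %r" % (key,))
    index = 0
    for c in key:
        index = index * 6 + int(c) - 1
    return index


def load_wordlist(lines):
    """Parse 'KEY word' lines; reject a list that is incomplete or repeats words."""
    # A truncated list still yields passphrases, only weaker than estimated.
    words = [None] * LIST_SIZE
    for line in lines:
        fields = line.split()
        if len(fields) != 2:
            continue               # blank lines, signature armour, comments
        try:
            words[key_to_index(fields[0])] = fields[1]
        except ValueError:
            continue               # two-field line that is not a dice key
    if None in words or len(set(words)) != LIST_SIZE:
        raise ValueError("word list must have %d unique entries" % LIST_SIZE)
    return words


def passphrase(words, n_words=5):
    """Pick n_words by simulated dice rolls drawn from the OS CSPRNG."""
    rng = secrets.SystemRandom()
    picks = []
    for _ in range(n_words):
        key = "".join(str(rng.randint(1, 6)) for _ in range(DICE_PER_WORD))
        picks.append(words[key_to_index(key)])
    return " ".join(picks)


def entropy_bits(alphabet_size, length):
    """Bits of entropy when each symbol is chosen uniformly and independently."""
    return length * math.log2(alphabet_size)


def constructed_list():
    """Constructed stand-in list (placeholder words w11111 ...), so this runs offline."""
    keys = ("".join(k) for k in itertools.product("123456", repeat=DICE_PER_WORD))
    return ["%s\tw%s" % (k, k) for k in keys]


if __name__ == "__main__":
    words = load_wordlist(constructed_list())
    print(passphrase(words))
    print("5 Diceware words      : %.1f bits" % entropy_bits(LIST_SIZE, 5))
    print("8 random alphanumerics: %.1f bits" % entropy_bits(62, 8))
```

The entropy figures hold only when every word or character is picked at random; a short dictionary word chosen by a person gets none of that benefit.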
Re: Should I change my password?
On Friday 30 September 2005 21:02, J.A. wrote:
> Should I change my password?
>
> My root password is a small word.

that is bad

> I don't know if this makes any
> difference or is appropriate but when I type in the command "users", it
> will list the same user 3 to 7 times.
because you have several console/xterm sessions open?


> Other weird stuff has happened
> like my clock changing to way different times.

install ntp, rm /etc/adjtime, run ntpdate. Regularly.



>
> I have a separate gateway/firewall (in.thesame.net) but I forgot the
> user name and password. It was setup with openna.com security procedures
> about four years ago. Also I am thinking that security is a waste of
> time but I would like to back up my sensitive code in a secure fashion.

if security would be a waste of time, your 'sensitive code' would probably
be lost.

But why are you posting this mail?
What is your question/problem?
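Added example, not part of the original thread: `users` prints a login name once per session, so several open consoles or xterms repeat the same name, and accounts such as rpc or UID 1000 can be reviewed by parsing /etc/passwd. The sample `who` and passwd data below are constructed, and treating 1000 as the first regular-user UID is an assumption about the system's /etc/login.defs.

```python
from collections import Counter

UID_MIN = 1000   # assumption: first UID given to regular users (UID_MIN in /etc/login.defs)
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample data, not taken from the original poster's machine.
SAMPLE_WHO = """\
jason    tty1         2005-09-30 19:40
jason    pts/0        2005-09-30 19:42 (:0.0)
jason    pts/1        2005-09-30 19:55 (:0.0)
"""
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
rpc:x:111:111:portmap:/dev/null:/bin/false
news:x:9:13:news:/var/spool/news:/bin/bash
jason:x:1000:100::/home/jason:/bin/bash
toor:x:0:0::/root:/bin/bash
"""


def sessions_per_user(who_output):
    """Count login sessions per user; `users` prints a name once per session."""
    return Counter(line.split()[0] for line in who_output.splitlines() if line.split())


def audit_passwd(passwd_text, uid_min=UID_MIN):
    """Return (account, finding) pairs from passwd(5) data that deserve a manual look."""
    findings, first_owner = [], {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 7 or not parts[2].isdigit():
            findings.append((parts[0], "malformed entry"))
            continue
        name, uid, shell = parts[0], int(parts[2]), parts[6]
        if uid == 0 and name != "root":
            findings.append((name, "non-root account with UID 0"))
        elif uid in first_owner:
            findings.append((name, "shares UID %d with %s" % (uid, first_owner[uid])))
        first_owner.setdefault(uid, name)
        # Service accounts below uid_min normally have no usable login shell.
        if 0 < uid < uid_min and shell not in NOLOGIN_SHELLS:
            findings.append((name, "system account with login shell %s" % (shell or "/bin/sh")))
    return findings


if __name__ == "__main__":
    for user, n in sessions_per_user(SAMPLE_WHO).items():
        print("%s: %d session(s)" % (user, n))
    for account, finding in audit_passwd(SAMPLE_PASSWD):
        print("%-6s %s" % (account, finding))
```

On a live system, feed it the output of `who` and the contents of /etc/passwd; a clean result shows only that these particular checks found nothing.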
Re: Should I change my password?
Hemmann, Volker Armin wrote:
> But why are you posting this mail?
> What is your question/problem?
>
i must join this answer.

changing your password (and it's simple -> very bad....) should not be a
problem, or should it be?

i'm confused
Re: Should I change my password?
On Friday 17 February 2006 20:38, Falkner, Daniel wrote:
> Hemmann, Volker Armin wrote:
> > But why are you posting this mail?
> > What is your question/problem?
>
> i must join this answer.
>
> changing your password (and it's simple -> very bad....) should not be a
> problem, or should it be?

no, it is totally simple.
passwd
enter
old pw
enter
new pw
enter
Re: Should I change my password?
J.A. wrote:
> Should I change my password?

s/password/brain

Yes.

Regards
Oli
Re: Should I change my password?
On Friday 30 September 2005 02:02 pm, J.A. wrote:
> I have a separate gateway/firewall (in.thesame.net) but I forgot the
> user name and password. It was setup with openna.com security procedures
>   about four years ago.
openna.com mentions nothing (I didn't see it) about securing your BIOS or boot
loader. This means that you can download knoppix and boot it (assuming you
have a bootable cdrom, you may need to change bios settings).

Once knoppix is up and running, find the device that contains your firewall's
filesystem. If the filesystem is on multiple partitions, then mount them as
they would be on the live system. Assuming /dev/hda3 is your primary
partition, perform the following:
# mount /dev/hda3 /mnt/hda3
# chroot /mnt/hda3
# passwd
... type your new password, twice to verify

If it complains, you may need to have proc mounted. If so, you can do this:
# mount -t proc none /mnt/hda3/proc

These are a little bit generalized, but I hope it helps.

Robert Larson

Re: Should I change my password?
Hi,

maybe you can emerge tools like chkrootkit or rkhunter for checking your
box for intruders. Clearly, it wouldn't help, if someone has
'bruteforced' your password, but if an intruder came through a vulnerable
application and installed a rootkit or something like that, the tools
might help you.

Furthermore it is highly recommended, that your root-password consists
of a non-dictionary alpha-numeric (at least capitals, lower case letters
and numbers) 8 character long phrase.

Greetings Christian
Re: Should I change my password?
On Saturday, 18 February 2006 01:48, Christian Limberg wrote to me:
> maybe you can emerge tools like chkrootkit or rkhunter for checking
> your box for intruders. Clearly, it wouldn't help, if someone has
> 'bruteforced' your password, but if an intruder came through a
> vulnerable application and installed a rootkit or something like that,
> the tools might help you.

No, you can't detect with those tools if your system is *not*
compromised.

> Furthermore it is highly recommended, that your root-password
> consists of a non-dictionary alpha-numeric (at least capitals, lower
> case letters and numbers) 8 character long phrase.

And it is highly recommended to set up a new system from scratch.
Everything else is Russian roulette.

Regards
Oli
Re: Should I change my password?
Oliver Schad wrote:
> On Saturday, 18 February 2006 01:48, Christian Limberg wrote to me:
>
>> maybe you can emerge tools like chkrootkit or rkhunter for checking
>> your box for intruders. Clearly, it wouldn't help, if someone has
>> 'bruteforced' your password, but if an intruder came through a
>> vulnerable application and installed a rootkit or something like that,
>> the tools might help you.
>>
>
> No, you can't detect with those tools if your system is *not*
> compromised.
>
>
>> Furthermore it is highly recommended, that your root-password
>> consists of a non-dictionary alpha-numeric (at least capitals, lower
>> case letters and numbers) 8 character long phrase.
>>
>
> And it is highly recommended to set up a new system from scratch.
> Everything else is Russian roulette.
>
> Regards
> Oli
>
There are a lot of good schemes for creating solid, memorable passwords.
My favorite advice comes from the USAH (http://www.admin.com/). To
paraphrase, come up with a nonsensical and slightly offensive (George
Carlin's seven words are allowed:
http://en.wikipedia.org/wiki/Seven_dirty_words) phrase of a half dozen
or so words. Take the first two letters from each word. Then mix up the
case and use numbers or symbols to replace certain letters occasionally.
The result is a pretty solid password that you should be able to
remember by remembering the silly phrase you started with.
Re: Should I change my password?
On Friday 17 February 2006 23:49, Robert Larson wrote:
> On Friday 30 September 2005 02:02 pm, J.A. wrote:
> > I have a separate gateway/firewall (in.thesame.net) but I forgot the
> > user name and password. It was setup with openna.com security
> > procedures about four years ago.
>
> openna.com mentions nothing (I didn't see it) about securing your BIOS
> or boot loader. This means that you can download knoppix and boot it
> (assuming you have a bootable cdrom, you may need to change bios
> settings).

Don't forget the padlock on the case. Otherwise the bios can be reset,
including the password. Also be aware that most bios passwords can
easily be cracked, so don't make it equal to another password.

Of course a padlock is not going to stop the really determined. One can
easily open the case in a different way, or just cut the padlock away.
If you want real "security" the only way to go is to encrypt your
harddisk. (This means you need to type the passphrase for the key at
bootup, or have a dongle)

Paul

--
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
Re: Should I change my password?
On Monday, 20 February 2006 11:07, Paul de Vrieze wrote to me:
> Of course a padlock is not going to stop the really determined. One
> can easily open the case in a different way, or just cut the padlock
> away. If you want real "security" the only way to go is to encrypt
> your harddisk. (This means you need to type the passphrase for the
> key at bootup, or have a dongle)

And then I modify your bootloader or use a keylogger if I have physical
access to your computer to get what I want.

You have to protect and check the physical integrity of your hardware if
you want to be safe.

Regards
Oli
Re: Should I change my password?
And how does one realistically check the physical integrity of their
hardware? o_O That seems a herculean task for all but the most hardcore
computer engineer.

~RMC

Oliver Schad wrote:
> On Monday, 20 February 2006 11:07, Paul de Vrieze wrote to me:
>> Of course a padlock is not going to stop the really determined. One
>> can easily open the case in a different way, or just cut the padlock
>> away. If you want real "security" the only way to go is to encrypt
>> your harddisk. (This means you need to type the passphrase for the
>> key at bootup, or have a dongle)
>
> And then I modify your bootloader or use a keylogger if I have physical
> access to your computer to get what I want.
>
> You have to protect and check the physical integrity of your hardware if
> you want to be safe.
>
> Regards
> Oli
Re: Should I change my password?
Any recommendations of good dongle-based hard-drive encryption software?

~RMC

Paul de Vrieze wrote:
> On Friday 17 February 2006 23:49, Robert Larson wrote:
>> On Friday 30 September 2005 02:02 pm, J.A. wrote:
>>> I have a separate gateway/firewall (in.thesame.net) but I forgot the
>>> user name and password. It was setup with openna.com security
>>> procedures about four years ago.
>> openna.com mentions nothing (I didn't see it) about securing your BIOS
>> or boot loader. This means that you can download knoppix and boot it
>> (assuming you have a bootable cdrom, you may need to change bios
>> settings).
>
> Don't forget the padlock on the case. Otherwise the bios can be reset,
> including the password. Also be aware that most bios passwords can
> easily be cracked, so don't make it equal to another password.
>
> Of course a padlock is not going to stop the really determined. One can
> easily open the case in a different way, or just cut the padlock away.
> If you want real "security" the only way to go is to encrypt your
> harddisk. (This means you need to type the passphrase for the key at
> bootup, or have a dongle)
>
> Paul
>
Re: Should I change my password?
On Monday, 20 February 2006 16:20, Richard M. Conlan wrote to me:
> And how does one realistically check the physical integrity of their
> hardware? o_O That seems a herculean task for all but the most
> hardcore computer engineer.

Every computer centre has an alarm system for physical intruders - a
check of videos and sensor logs can give you surety. You can mark your
hardware additionally with - I don't know the English word - signs(?)
which break if someone manipulates your hardware.

Regards
Oli

Re: Should I change my password?
> Every computer centre has an alarm system for physical intruders - a
> check of videos and sensor logs can give you surety. You can mark your
> hardware additionally with - I don't know the English word - signs(?)
> which break if someone manipulates your hardware.

I agree that sealing the case is a good start to know when the case was
opened.

Olli
Re: Should I change my password?

Richard M. Conlan wrote:
> Any recommendations of good dongle-based hard-drive encryption software?
>

Your best bet for dongle-based encryption in linux would be to use
dm-crypt luks.

A good, general guide:
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS

And then this link will demonstrate how to store the keys on your usb
dongle (last question):
http://luks.endorphin.org/faq


I used this to encrypt my computers. I stored the keys for my drives on
the dongle. But I also encrypted the dongle. So I used the gentoo wiki
guide and changed some things around so the initrd image would decrypt
my dongle then cat the keys to cryptsetup. One really good pass phrase
on one encrypted dongle will decrypt all my drives. I also made an
encrypted backup of the passphrases onto a floppy and stored them
outside of my property.

Hope this helps. It is, at least, one suggestion.

Sincerely,
Doug

> ~RMC
>
> Paul de Vrieze wrote:
>> On Friday 17 February 2006 23:49, Robert Larson wrote:
>>> On Friday 30 September 2005 02:02 pm, J.A. wrote:
>>>> I have a separate gateway/firewall (in.thesame.net) but I forgot the
>>>> user name and password. It was setup with openna.com security
>>>> procedures about four years ago.
>>> openna.com mentions nothing (I didn't see it) about securing your BIOS
>>> or boot loader. This means that you can download knoppix and boot it
>>> (assuming you have a bootable cdrom, you may need to change bios
>>> settings).
>>
>> Don't forget the padlock on the case. Otherwise the bios can be reset,
>> including the password. Also be aware that most bios passwords can
>> easily be cracked, so don't make it equal to another password.
>>
>> Of course a padlock is not going to stop the really determined. One
>> can easily open the case in a different way, or just cut the padlock
>> away. If you want real "security" the only way to go is to encrypt
>> your harddisk. (This means you need to type the passphrase for the key
>> at bootup, or have a dongle)
>>
>> Paul
>>




--
How do I know the past isn't fiction designed to account for the discrepancy
between my immediate physical sensations and my state of mind?

/~\ The ASCII        Douglas Breault Jr. <GenKreton at comcast dot net>
\ / Ribbon Campaign  GnuPG public key ID: C4E44A19 (pgp.mit.edu)
 X  Against HTML     Key fingerprint:
/ \ Email!           21C3 F37D A8F5 1955 05F2 9A69 92A0 C177 C4E4 4A19
Re: Should I change my password?
Video and sensor logs are definitely great when available, but there are
plenty of companies without such precautions, besides the home user who
seldom has them. It is tricky to seal/mark a case in some way that an
intruder could not falsify.

I agree both of these are good measures, but neither amounts to
verifying the physical security of the hardware.

~RMC

Oliver Schad wrote:
> On Monday, 20 February 2006 16:20, Richard M. Conlan wrote to me:
>> And how does one realistically check the physical integrity of their
>> hardware? o_O That seems a herculean task for all but the most
>> hardcore computer engineer.
>
> Every computer centre has an alarm system for physical intruders - a
> check of videos and sensor logs can give you surety. You can mark your
> hardware additionally with - I don't know the English word - signs(?)
> which break if someone manipulates your hardware.
>
> Regards
> Oli
>
Re: Should I change my password?
Richard M. Conlan wrote:
>
> How can you possibly think that security is a waste of time? Is this a
> cynical statement along the lines of "I cannot expect to stop a
> determined attacker anyways", or a statement along the lines of "nobody
> would ever attack me anyways"? If the latter, please erase that thought
> from your mind and proceed as if you'd never considered it. The vast

No. It is about the fact that I am paranoid about emerging. I have no
clue about it.

[snip]

>>
>> Yours,
>> JAson


--
J . A . < H E B L A C K @ I S P M O N S T E R S . C O M >
