[CentOS] I've been hacked -- what should I do next?

Fri Dec 1 18:34:57 UTC 2006
Stephen John Smoogen <smooge at gmail.com>

On 12/1/06, centos at 911networks.com <centos at 911networks.com> wrote:
> On Fri, 1 Dec 2006 08:51:02 -0500
> Steve Huff <shuff at vecna.org> wrote:
> > let me add another suggestion to the flood: once you've rebuilt
> > the box, install DenyHosts (http://denyhosts.sourceforge.net/).
> > this tool is quite effective at blocking brute-force ssh attacks;
> > not only will this make it much harder for an attacker even if you
> > should happen to set a weak password on an account in the future,
> > but it will also reduce the amount of CPU time and memory wasted on
> > dealing with brute-force ssh attacks.
> http://www.bastille-linux.org/
> Bastille is an interactive program that will guide you on how to
> lock-down your boxes. They even have an OsX beta version.
> It goes into even more area than was mentioned by the others. It asks
> you questions with very extensive explanations and then will apply
> the changes for you at the end.

Be very very careful with Bastille. Read the documentation first and
realize that you may lock yourself out of your system etc. In the last
year I have had to walk over 20 people on how to boot from a cdrom,
remount, try to undo the Bastille changes, and get the box in a
working state.

Stephen J Smoogen. -- CSIRT/Linux System Administrator
How far that little candle throws his beams! So shines a good deed
in a naughty world. = Shakespeare. "The Merchant of Venice"