[CentOS] pop3 attack
Bill Campbell
centos at celestial.com
Wed Dec 10 00:23:43 UTC 2008
On Tue, Dec 09, 2008, Chris Boyd wrote:
>
>On Dec 9, 2008, at 2:33 PM, Bill Campbell wrote:
>
>> Once the cracker finds an account with a guessable password, they may
>> well be able to get access to your system as that user via ssh, webmin,
>> usermin, or other means. Given shell access, the cracker can install
>> user-level IRC servers or gain root access via exploits that only work
>> for local users. I have seen cases where crackers were able to change
>> user shells and other information via usermin or webmin by exploiting
>> vulnerabilities in system utilities thus gaining access to the system.
>
>You can keep compromised accounts from logging in via ssh with the
>"AllowUsers" option in your /etc/ssh/sshd_config file. Add that
>option followed by a list of user names that you want to be able to
>log in, ex:
By the time you know the user has been compromised, it's too late.
We normally don't allow password authentication with ssh,
requiring authorized_keys. In the cases where we have to allow
password authentication, we severely restrict ssh access using the
/etc/hosts.allow file.
Bill
--
INTERNET: bill at celestial.com Bill Campbell; Celestial Software LLC
URL: http://www.celestial.com/ PO Box 820; 6641 E. Mercer Way
Voice: (206) 236-1676 Mercer Island, WA 98040-0820
Fax: (206) 232-9186
Basic Definitions of Science:
If it's green or wiggles, it's biology.
If it stinks, it's chemistry.
If it doesn't work, it's physics.
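
Added example (not part of the original message): a small audit of the controls named in this thread, `AllowUsers`, disabled password authentication, and an sshd entry in /etc/hosts.allow. The config texts are constructed samples, the function names are hypothetical, and the hosts.allow check assumes an sshd built with TCP wrappers support plus a default-deny entry in /etc/hosts.deny.

```python
"""Audit sshd_config and hosts.allow text for the controls named in the thread."""
LIST_KEYS = {"allowusers"}  # repeated lines accumulate; other keywords keep the first value

def sshd_globals(text):
    """Parse global sshd_config settings (everything before the first Match block)."""
    seen = {}
    for raw in text.splitlines():
        tokens = raw.strip().replace("=", " ", 1).split()  # "Key value" or "Key=value"
        if not tokens or tokens[0].startswith("#"):
            continue
        key, args = tokens[0].lower(), tokens[1:]          # keywords are case-insensitive
        if key == "match":
            break
        if key in LIST_KEYS:
            seen.setdefault(key, []).extend(args)
        else:
            seen.setdefault(key, args)
    return seen

def sshd_clients(hosts_allow_text):
    """Client patterns that hosts.allow grants to sshd (IPv4/hostname entries only)."""
    clients = []
    for raw in hosts_allow_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if {"sshd", "ALL"} & set(fields[0].replace(",", " ").split()):
            clients += fields[1].replace(",", " ").split()
    return clients

def audit(sshd_text, hosts_allow_text):
    """Return a list of findings; an empty list means both controls are in place."""
    cfg, findings = sshd_globals(sshd_text), []
    if not cfg.get("allowusers"):
        findings.append("no AllowUsers list: logins are not limited to named accounts")
    # sshd defaults to PasswordAuthentication yes when the keyword is absent
    if (cfg.get("passwordauthentication") or ["yes"])[0].lower() == "yes":
        clients = sshd_clients(hosts_allow_text)
        if not clients or "ALL" in clients:
            findings.append("password auth enabled and sshd not restricted in hosts.allow")
    return findings

# Constructed samples: a weak setup, key-only logins, and passwords limited by source
WEAK = ("PasswordAuthentication yes\n", "sshd: ALL\n")
KEYS_ONLY = ("PasswordAuthentication no\nAllowUsers alice bob\n", "")
RESTRICTED = ("PasswordAuthentication yes\nAllowUsers alice\n", "sshd: 192.0.2.0/255.255.255.0\n")

if __name__ == "__main__":
    for name, (cfg, allow) in {"weak": WEAK, "keys": KEYS_ONLY, "restricted": RESTRICTED}.items():
        print(name, audit(cfg, allow))
```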