[CentOS] server is always getting hacked
Michael A. Peters
mpeters at mac.com
Thu Jul 2 03:29:45 UTC 2009
Robert Heller wrote:
> At Wed, 01 Jul 2009 16:08:08 -0600 CentOS mailing list <centos at centos.org> wrote:
>
>> On Wed, 01 Jul 2009 15:05:58 -0700
>> Gary Greene wrote:
>>
>>> . With sudo,
>>> you get a record of what command was executed with superuser rights by whom
>>> at whenever given hour.
>> sudo bash
>
> Which in turn is logged. Such a log entry might raise a red flag.
>
>
Speaking of logged - I don't do this but Dad set up his systems
(Solaris) to immediately boot the user and send an alert to the operator
if the root user issued the id command and had not become root from a
member of the wheel group.

He was a university admin, they had to have telnet open because of grad
students doing research in countries that did not allow secure
connections. Most of the time, that single action got the hacker off
before any damage was done. Those were primarily Solaris systems he
dealt with.

They also had a log server that everything was logged to (off the
network, fed I think by serial cable if I recall but it may have been
cat 5 - Sun had funny looking serial ports that took a cat 5 jacks to
me), as local logs are easily modified once you have a root shell.

But I don't personally deal with any systems that big and complex.
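
The "red flag" on a logged `sudo bash` discussed in this thread, as an added example that is not part of the original messages: a Python filter that scans sudo's syslog entries and reports the ones that hand out a root shell. The log lines, host and user names are constructed, and the list of shell names is an assumption.

```python
import os
import re

# sudo's syslog entry: "<user> : TTY=... ; PWD=... ; USER=<runas> ; COMMAND=<argv>"
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : .*?USER=(?P<runas>\S+) ; "
    r"COMMAND=(?P<command>.+)$"
)
# Assumed set of shell names; extend for the shells installed on your hosts.
SHELLS = {"sh", "bash", "csh", "tcsh", "ksh", "zsh", "dash"}

# Constructed sample log lines (hosts, users and addresses are made up).
SAMPLE_LOG = [
    "Jul  1 16:08:08 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash",
    "Jul  1 16:09:12 web1 sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/sbin/service httpd restart",
    "Jul  1 16:10:40 web1 sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/su -",
    "Jul  1 16:11:02 web1 sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=root ; COMMAND=/bin/bash -c /usr/bin/uptime",
    "Jul  1 16:12:30 web1 sshd[2211]: Accepted password for bob from 192.0.2.10 port 51122 ssh2",
]


def _runs_one_command(arg):
    # "-c" or a short-flag cluster containing it, e.g. "-lc"
    return arg.startswith("-") and not arg.startswith("--") and "c" in arg


def is_interactive_shell(command):
    """True when the logged command leaves the user at a root prompt."""
    argv = command.split()
    prog, args = os.path.basename(argv[0]), argv[1:]
    if any(_runs_one_command(a) for a in args):
        return False  # the single command is itself in the log
    if prog == "su":
        return True
    # A shell followed by a script path is one logged action, not a prompt.
    return prog in SHELLS and all(a.startswith("-") for a in args)


def flag_root_shells(lines):
    """Return (user, command) for sudo entries that open a shell as root."""
    hits = []
    for line in lines:
        m = SUDO_RE.search(line.rstrip("\n"))
        if m and m.group("runas") == "root" and is_interactive_shell(m.group("command")):
            hits.append((m.group("user"), m.group("command")))
    return hits


if __name__ == "__main__":
    for user, command in flag_root_shells(SAMPLE_LOG):
        print(f"ALERT: {user} opened a root shell via sudo: {command}")
```

Run it against the copy held on a separate log server, since local logs are easily modified once someone has a root shell.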