[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 19:36:22 UTC 2012
Ljubomir Ljubojevic <office at plnet.rs>

On 01/03/2012 04:47 PM, m.roth at 5-cent.us wrote:
> Having been on vacation, I'm coming in very late in this....
>
> Les Mikesell wrote:
>> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton<bennett at peacefire.org>
>> wrote:
> <snip>
>>> OK but those are *users* who have their own passwords that they have
>>> chosen, presumably.  User-chosen passwords cannot be assumed to be
>>> secure against a brute-force attack.  What I'm saying is that if you're
>>> the only user, by my reasoning you don't need fail2ban if you just use a
>>> 12-character truly random password.
>>
>> But you aren't exactly an authority when you are still guessing about
>> the cause of your problem, are you?  (And haven't mentioned what your
>> logs said about failed attempts leading up to the break in...).
>
> Further, that's a ridiculous assumption. Without fail2ban, or something
> like it, they'll keep trying. You, instead, Bennett, are presumably
> generating that "truly random" password[1] and assigning it to all your
> users[2], and not allowing them to change their passwords, and you will be
> changing it occasionally and informing them of the change.[3]
>
> Right?
>
>          mark
>
> 1. How will you generate "truly random"? Clicks on a Geiger counter? There
> is no such thing as a random number generator.
> 2. Which, being "truly random", they will write down somewhere, or store
> it on a key, labelling the file "mypassword" or some such.
> 3. How will you notify them of their new password - in plain text?

Bennett was/is the only one using those systems, and only as root. No
additional users existed prior to the breach. And he is very persistent in
placing his own opinion/belief above those he asks for help. That is why
we have such a long long long thread. It came to the point where I am
starting to believe he is a troll. Not sure yet, but it is getting
there.

I am writing this for your sake, not his. I decided to just watch from
now on. This thread WAS very informative, I did learn A LOT, but enough is
enough, and I spent far too much time reading this thread.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant