On Mon, February 2, 2015 5:34 pm, Always Learning wrote:
>
> On Mon, 2015-02-02 at 16:30 -0600, Valeri Galtsev wrote:
>
>> RedHat doesn't like poorly administered machines with RHEL linux getting
>> hacked, then many voices saying on the internet: RHEL Linux is
>> not secure, RHEL Linux machines are getting hacked. Even though the
>> reason is not what it sounds like.
>
> What is the reason RHEL machines are being hacked ?
>

I assume you may have your own list, but since you asked I'll mention off the top of my head what I've seen (no, these have not happened on machines I administer - knocking on wood):

1. Machine compromised elsewhere, user password (via keylogger or malicious ssh client) or secret key gets stolen; cyber criminal connects to my server with the credentials of my user.

2. After he is in: elevation of privileges through some local exploit. As I tend to have nothing to be exploited on multi-user machines (and run them under the assumption that the bad guy is already in), this normally doesn't happen to me, but I sometimes help to sweep up the mess and do forensics when that has happened to someone.

3. Independent of the above: just a blunder when you are doing administration. I have seen an admin helping a user (who was on the phone) change his password. And in

   passwd username

   he accidentally stuck Enter between the above two words (!). Which ended up changing the root password on the machine to a very weak one that he passed to that person over the phone. When that didn't work (a good hint that it was not that user's password that was changed!), he just changed it again. Then an intruder just walked in as root through the open door (that weak password was one of the top four in the cracker's dictionary).

4. Not updating the system, or having vulnerable services - I have seen these as well.

5. Weak root password should be on the list, but practically only the ones on the top of the password cracking dictionary are... Anyway, I do (or I like to think that I do) have strong root passwords. Nevertheless, I always have measures to thwart dictionary attacks from the network (as some of my users may have weak passwords, not the ones on the top of the dictionary though, I bet).

... This list goes on, someone can continue.

Most of what I see (like the list above) I would classify as poor system administration. The last has nothing to do with how well RedHat puts together and patches their system. So I can understand them being less than willing to have RHEL hacked due to that. However, to think that you can force one to maintain his system well is utopia. So, even though I understand their reasons, I am sceptical they will find a panacea.

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++