Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Maybe a security problem involving Linux hosts
Special Forums Cybersecurity Maybe a security problem involving Linux hosts Post 302980298 by Neo on Friday 26th of August 2016 01:11:03 AM
Old 08-26-2016
Quote:
Originally Posted by SInt
.... I hope none of you guys reacts now how most people reacted: "this guy is crazy, give him more meds" or something. I know it sounds crazy and it is crazy. But lets say my observations are correct where could the entry point be for an attacker?
Risk is based on many factors, which include:
  1. Threat
  2. Vulnerability
  3. Criticality
If I read your post correctly, it sounds like you feel like there is a threat based on your interaction with some groups on the net and your systems are vulnerable. So, the main question which remains is how critical is the Linux computer system you are worried about?

If the system is really important and a breach would amount to serious loss, then you should really consider getting a professional to help you.

If the system has nothing important running on it; then you could just rebuild it from a scratch if you are worried.

If the system has backups, you could recover the system from a backup that was from a time prior to the hacking incident being discovered.

There are lots of options and the way you move forward depending on the risk profile of the system and that depends on the intersection of the three areas I mentioned above (1) threat, (2) vulnerability and (3) criticality.
Last edited by rbatte1; 08-26-2016 at 04:28 AM.. Reason: Converted text based numbered list for formatted numbered list
This User Gave Thanks to Neo For This Post:
SInt
 

6 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

remote hosts access problem on solaris

hey guys, i am on a box named pluto and i need to be able to log into another box named genesis. i need to be able to ssh into genesis as root and not get asked for the password. what file do i need to edit on genesis to make this happen? i searched for the .rhosts file it doesn't seem to exist.... (1 Reply)
Discussion started by: Terrible
1 Replies

2. UNIX for Dummies Questions & Answers

problem in script involving month arithmetic

advance happy new year to all, i am having a script.The purpose of the scripts is as follows.If the current month is march,june,september or december ,inc_flg should be set to '1' otherwise inc_flg should be set to '2' month= date +"%m" if || || || ; then inc_flg = 1 else ... (6 Replies)
Discussion started by: rajarp
6 Replies

3. Programming

A challenging problem involving symbolic links.

Hello, I'm working on an application that bridges together several applications involved in creating a video workflow for editing with digital cinema cameras. The main platform is MacOSX. Because of the nature of some of the utilities for working with this video footage I must spoof filenames... (2 Replies)
Discussion started by: ibloom
2 Replies

4. Shell Programming and Scripting

problem feeding netcat a list of hosts

Hi, I'm having difficulty in making a bash script to get netcat to scan a list of hosts and their ports from another file and could use some help. Here's an example host list, "nc.host": 192.168.2.110 22 And here's the first script I tried to feed "nc.host" into netcat: "nc1.sh" ... (3 Replies)
Discussion started by: seanovision
3 Replies

5. Shell Programming and Scripting

Problem in expect script with password involving trailing backslash

Hi all, I have wriiten an expect script that genearates a public private key pair through ssh-keygen and then copies that key to the authorized keys file of the remote system . The problem i am facing is when i get a password for the remote machine containg a trailing backslash , the send command... (4 Replies)
Discussion started by: pradeeptyagi23
4 Replies

6. Solaris

How to copy a tar file on a series of remote hosts and untar it on those hosts?

Am trying to copy a tar file onto a series of remote hosts and untar it at the destination. Need to do this without having to do multiple ssh. Actions to perform within a single ssh session via shell script - copy a file - untar at destination (remote host) OS : Linux RHEL6 (3 Replies)
Discussion started by: sankasu
3 Replies

LEARN ABOUT DEBIAN

ninja

NINJA(8)																  NINJA(8)

NAME

       ninja - Privilege escalation detection system for GNU/Linux

SYNOPSIS

       ninja filename

DESCRIPTION

       Ninja is a privilege escalation detection and prevention system for GNU/Linux hosts. While running, it will monitor process activity on the
       local host, and keep track of all processes running as root.  If a process is spawned with UID or GID zero (root), ninja will log necessary
       information about this process, and optionally kill the process if it was spawned by an unauthorized user.

       A "magic" group can be specified, allowing members of this group to run any setuid/setgid root executable.

       Individual  executables can be whitelisted.  Ninja uses a fine grained whitelist that lets you whitelist executables on a group and/or user
       basis. This can be used to allow specific groups or individual users access to setuid/setgid root programs, such as su(1) and passwd(1).

CONFIGURATION

       Ninja requires a configuration file to run. For more information about the configuration, please refer to the "default.conf" file,  located
       at "/usr/share/doc/ninja/examples/" in the source tree.	There, all the available options are explained in detail.

WHITELIST

       The  whitelist  is  a  plain text file, containing new-line separated entries.  Entries consists of three fields, separated by colons.  The
       first field is the full path to the executable you wish to whitelist.  The second field is a comma separated list of groups that should	be
       granted access to the executable.  The third field is a comma separated list of users.

       <executable>:<groups>:<users>

       The second or third field can be left empty.  Please refer to the example whitlist located in "/usr/share/doc/ninja/examples/".

       Remember that it is a good idea to whitelist programs such as passwd(1) and other regular setuid applications that users require access to.

SECURITY

       The  goal of this application is to be able to detect and stop local, and possibly also remote exploits. It is important to note that ninja
       cannot prevent attackers from running exploits, as a successful exploitation only will be detected AFTER the attacker has gained root. How-
       ever,  when  ninja is running with a short scanning cycle, this detection happens nearly immediately. The security lies in the fact that we
       stop the attacker before he/she has time to do anything nasty to the system, and it gives us the  opportunity  to  disable  the	attacker's
       shell access, and lock him/her out of the system.

       In  an  ideal  environment, ninja should be run together with kernel hardening systems such as grsecurity (www.grsecurity.net) as this will
       allow for some protection of the ninja process.

       This is not a complete security system. Do not rely on it to keep your system safe.

BUGS

       Please let me know if you should stumble across any bugs or other weirdness.  I greatly appreciate all bug reports, patches, ideas, sugges-
       tions and comments.

LICENSE

       Ninja is released under the General Public License (GPL) version 2 or higher.

AUTHOR

       Tom Rune Flo <tom@x86.no>

								    August 2005 							  NINJA(8)
All times are GMT -4. The time now is 09:22 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy