Complete.Org: Mailing Lists: Archives: linux-help: April 2002:
[linux-help] Re: Help with hackers

To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Help with hackers
From: Jeff Vian <jvian10@xxxxxxxxxxx>
Date: Wed, 24 Apr 2002 21:08:30 -0500
Reply-to: linux-help@xxxxxxxxx

Are the hack attempts being done strictly via network, or at the console
as well?

If strictly via the network you might achieve the (real time) logging
and a nasty message by using portsentry.  Portsentry however takes the
place of the service that might otherwise be running on that port since
only one socket can listen on a single port with a given protocol at a
time.  Portsentry is configurable as to what action you want to take.
You can also tell (after-the-fact) the success of any break-ins and what
has been done by using tripwire to log and report changes in your
system. You define the parts of the system you want to monitor and what
action to take here as well.

You have not indicated what services you have running, nor what methods
might be used in the hacking attempts.

If the ONLY account on the system is root, RH Linux AFAIK has never
allowed remote logins via telnet as root.  

Red Hat 6.2 has several known weaknesses in the services it runs by
default and if these services are running it could be a lesson to the
hackers on where to find information on known hacks rather than an
attempt to find ways on their own to break in.

With no services running there is no point they can attack, thus no
weakness and no way to get in.  nmap can be used to scan for listening
services/ports that might be vulnerable.

From the console that is another issue.


"Adam M. Sennott" wrote:
> 
> Hello, Linux users.
> 
> As I mentioned in a previous post, I am currently involved in a lab
> situation with several other Red Hat 6.2 Linux users.  Each of us has an
> individual server, and we are on a private network 172.16.xxx.xxx with
> numerically consecutive IP addresses.
> 
> Some advanced students have access to our PCs, and have been encouraged to
> try to hack, in order to provide us with lessons in security.
> 
> Being that the only current account is root, and we have configured the
> 'linux single' bootup to require a password *and* protected the
> configuration file lilo.conf with 'chmod 640 lilo.conf' we are relatively
> safe from one another.  Not even the advanced students know enough about the
> OS to telnet in and really do any damage (besides, the only time the
> machines are on and live is when we're sitting at them, or another student
> is trying to break in.)
> 
> But I digress.  My question is, is there any way I could place an echo
> statement somewhere in a file so that someone failing to log in correctly as
> root, or as linux single would receive a nasty little message?  And better
> yet, is there a way for me to log the failed attempts, as they will likely
> take place when I'm at lunch or gone home for the day?
> 
> If anyone would care to answer, or elaborate on how I might provide
> additional security, please advise.
> 
> Thanks in advance,
> 
> Adam S.
> 
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
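
The after-the-fact change reporting described in the reply above, as an added example that is not part of the original message and is not Tripwire itself: a minimal baseline-and-compare check in Python. The file names, contents and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(root):
    """Record (sha256, mode, uid, gid) for every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            rel = os.path.relpath(path, root)
            state[rel] = (digest, st.st_mode, st.st_uid, st.st_gid)
    return state


def compare(baseline, current):
    """Report paths added, removed, or changed in content or permissions."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample tree: take a baseline, alter files, report the drift."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, text, mode=0o644):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)

        write("lilo.conf", "password=constructed\n", 0o640)
        write("inetd.conf", "# all services disabled\n")
        write("motd", "lab machine\n")
        baseline = snapshot(root)  # in practice, keep this off the monitored host

        os.chmod(os.path.join(root, "lilo.conf"), 0o644)  # permissions loosened
        write("inetd.conf", "# services re-enabled\n")    # content edited
        os.remove(os.path.join(root, "motd"))             # file deleted
        write("extra", "unexpected\n")                    # file added
        return compare(baseline, snapshot(root))
```

The baseline is only trustworthy if it is stored where someone with root on the monitored machine cannot rewrite it, such as read-only media or another host.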