sshd [default fedora settings can get you hacked]


t3gah
17th March 2005, 07:55 PM
I got hacked the other day through ssh, which was funny to me as always because of the lameness of people that do that versus the intelligence quotient, etc, etc. too funny. :D

But anyway, they hacked me. Why? Because the default settings for sshd were this:

Protocol 2,1
#PermitRootLogin yes

Now you may say that "hey it's remarked out", but according to the readme in the beginning of sshd_config, those that are remarked out are active settings too.

Run the following tools on your system and see:

rkhunter
http://freshmeat.net/projects/rkhunter/

chkrootkit
http://www.chkrootkit.org/


The ssh protocol 1 is dead imho and should be removed from ssh altogether as it is an insecure protocol. Future Fedora releases should have a special ssh according to what is safe and not what the RFC says.

And one last thing. sshd was running by default on my system and I didn't even know it. FedoraFaq.org should have a new section for Security as the first link and have the top things to set on your Fedora Core system that will make it safe for Internet travel.

There are books on this out there. There should be a headline here and every forum on the Internet with the "simple steps to secure your Linux box" as their top billed homepage item. php should be included, etc, etc.

(Maybe Fedora Core 4 the release will be secure or have a util so you can set and close ports, have the correct settings for sshd, etc. Maybe they will include rkhunter and chkrootkit packages in the next release.)

pigpen
17th March 2005, 08:40 PM
Also, consider adding an "AllowUsers" line as stated in
http://fedoranews.org/contributors/richard_flude/ssh/

My sshd_config looks like this:
[root@pc12345 ~]# egrep -v "^#|^$" /etc/ssh/sshd_config
Protocol 2
SyslogFacility AUTHPRIV
PermitRootLogin no
AllowUsers pigpen
PasswordAuthentication yes
ChallengeResponseAuthentication no
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM yes
X11Forwarding yes
Subsystem sftp /usr/libexec/openssh/sftp-server

You could also change the default port for ssh connections (port 22), but this is too much "security-through-obscurity" to my taste.
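
An added example, not part of pigpen's post or of any project's code: a small Python check that reports the values in effect for the three settings discussed in this thread, reading a `#Keyword value` line as a shipped default that still applies (the convention the first post refers to). The two sample configs are constructed from the posts above, and the function names and finding labels are hypothetical.

```python
import re

# The three sshd_config keywords discussed in this thread (matched case-insensitively).
WATCHED = ("protocol", "permitrootlogin", "allowusers")

def effective_settings(config_text):
    """Return {keyword: (value, source)}; source is 'set' or 'default'.
    An uncommented directive wins, and the first one read is kept.
    Assumption: a '#Keyword value' line with no space after '#' is a
    shipped default that is still in force; '# prose' lines are skipped.
    """
    active, defaults = {}, {}
    for raw in config_text.splitlines():
        m = re.match(r"(#?)([A-Za-z0-9]+)\s+(.+)$", raw.strip())
        if not m or m.group(2).lower() not in WATCHED:
            continue
        bucket = defaults if m.group(1) else active
        bucket.setdefault(m.group(2).lower(), m.group(3).strip())
    merged = {k: (v, "default") for k, v in defaults.items()}
    merged.update({k: (v, "set") for k, v in active.items()})
    return merged

def audit(config_text):
    """Return hypothetical finding labels for the settings in effect."""
    eff = effective_settings(config_text)
    findings = []
    versions = [p.strip() for p in eff.get("protocol", ("", ""))[0].split(",")]
    if "1" in versions:
        findings.append("protocol-1-enabled")
    if eff.get("permitrootlogin", ("", ""))[0].lower() == "yes":
        findings.append("root-login-permitted")
    if eff.get("allowusers", ("", ""))[1] != "set":
        findings.append("no-allowusers")
    return findings

# Constructed samples: the settings from the first post and from pigpen's reply.
AS_SHIPPED = """\
# Constructed sample, not a real file
Protocol 2,1
#PermitRootLogin yes
"""
HARDENED = """\
Protocol 2
PermitRootLogin no
AllowUsers pigpen
"""
if __name__ == "__main__":
    for name, text in (("as shipped", AS_SHIPPED), ("hardened", HARDENED)):
        print(name, effective_settings(text), audit(text))
```

Filtering the file with `egrep -v "^#|^$"` shows only the directives that were set explicitly, which is why the commented `PermitRootLogin yes` default never appears in that output.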

Javaguy78
17th March 2005, 08:41 PM

Check it out on Insecure.org too. Halfway down the page, they show this vulnerability and how it was used accurately in The Matrix (under the heading Nmap featured in The Matrix Reloaded). NMap is a free security scanner used by Trinity in the Matrix, available at www.insecure.org/nmap

Insecure.org has a TON of hacking and monitoring tools.

Remember, Hackers are "computer savvy people who mingle with the inner workings of computers" and Crackers are "Malicious Coders"... we are all Hackers - not Crackers

t3gah
17th March 2005, 09:47 PM
Check it out on Insecure.org too. Halfway down the page, they show this vulnerability and how it was used accurately in The Matrix (under the heading Nmap featured in The Matrix Reloaded). NMap is a free security scanner used by Trinity in the Matrix, available at www.insecure.org/nmap

Insecure.org has a TON of hacking and monitoring tools.

Remember, Hackers are "computer savvy people who mingle with the inner workings of computers" and Crackers are "Malicious Coders"... we are all Hackers - not Crackers

Thanks for the tools link but that still doesn't tell people the basic way to secure a Linux box.


But.... I'm now wondering whether this sshd setting thing isn't more like what Microsoft got caught doing with their OSes and apps awhile back, which was them deliberately leaving a port open so they could check to see if you were breaking the EULA. They would pop in and download the portion of the registry that contained the serial numbers for apps and the os itself.

Maybe this is the same thing and RH is checking up on us.

You never know though because they are starting to act like a "Politically Correct" o/s company like M$. First they take out the irc client "B i t c h X", then XFce, what's next?

epic? x-chat? virc? where's my "B i t c h X"?

And for FedoraForum.org's knowledge.... b i t c h

that's a female dog. Look it up with dictionary.com or Webster Dictionary or Funk & Wagnall Dictionary. It's NOT a curse word.

Everyone test the theory. Try to type out the word "b i t c h" without the spaces. What a weird place...

"B i t c h X" is in almost every distribution of Linux & *BSD and we can't type the word out here because of what??

And it's not in any FC because ? because they are ignorant and don't know anything about animals and what they are called.

BEE AYE TEA SEA AYCH EX


h t t p : / / w w w . b i t c h x . o r g

james_in_denver
18th March 2005, 12:10 AM
Maybe this is the same thing and RH is checking up on us.

ROFLMAO.......

That is perhaps one of the most absurd and ridiculous innuendos I have heard in a long time.

You know, you might just consider actually helping a few people out, maybe describe the problem in more detail, and offer a solution, instead of just whining about Fedora.