Fedora Linux Support Community & Resources Center

  #1  
Old 29th July 2006, 07:34 PM
diamondnular Offline
Registered User
 
Join Date: Jun 2006
Posts: 33
Fedora 5 hacked :(

Hi there,

I have Fedora 5 installed in my Dell desktop and it runs great. But being a newbie about Linux and Fedora, I have no idea about how to secure my box, and how, what I should install in my box to help it being attacked from outside.

Recently, I received some mails in var/spool/mail/root. When reading it, I see the code below:

Code:
------------------SSHD Begin----------------------

SSHD Started: 1 Time(s)

Failed logins from:
    xxx.xxx.xxx.xxx: 229 times

Illegal users from:
    xxx.xxx.xxx.xxx: 2 times

Users logging in through sshd:
    user 1:
        192.168.0.4

Received disconnect: 
    11: Bye bye: 126 Time(s)

SFTP subsystem requests: 3 Time(s)

**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving informatio about user guset: 1 time(s)

---------------------SSHD End---------------------------

I believe this is about the security problem of my box, and actually my box was hacked by somebody IP xxx.xxx.xxx.xxx. My question is:

1. Linux was heard to be very secured and safe. I enabled firewall, of course I enable SSH as trusted, so that I can log in using putty from outside. That hacker obviously does not know my users and passwords. So how could he access my box? Does that mean Linux is not as safe as I thought before?

2. How I can secure my box as many softwares as in Windows? And where should I read and learn about security stuffs?

Thanks a million,

KC.
  #2  
Old 29th July 2006, 07:36 PM
rossheth Offline
Registered User
 
Join Date: Jun 2005
Location: North-East England
Posts: 131
http://www.raoul.shacknet.nu/2005/11/10/ssh-with-keys/ . Follow this guide to set up ssh with public key authentication.
  #3  
Old 30th July 2006, 02:53 AM
wneumann Offline
Registered User
 
Join Date: Dec 2004
Posts: 512
That log does not say that anyone got in other than 192.168.0.4, which would be you. I see this sort of thing every day. You can see more detail in your /var/log/secure. You can report such hack attempts to the relevant ISP, but it is not clear it does much good. But as long as you and your users have secure passwords you won't have a problem. They scan through a bunch of names for no password or obvious password. Just rattling the door but not getting in.

But if it really bothers you, you can get your firewall to block repeated failed ssh attempts. Check out

http://www.debian-administration.org/articles/187
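The reading given in the post above (many failed attempts from one outside address, a successful login only from 192.168.0.4) can be checked directly against the raw sshd lines in /var/log/secure. The following is an added example, not part of the original thread: the sample log lines and outside addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the /var/log/secure style; 192.168.0.4 is the LAN address
# from the thread, the other addresses are documentation ranges.
SAMPLE = """\
Jul 29 03:12:01 box sshd[2101]: Illegal user guest from 203.0.113.7
Jul 29 03:12:01 box sshd[2101]: Failed password for illegal user guest from 203.0.113.7 port 4101 ssh2
Jul 29 03:12:04 box sshd[2103]: Failed password for root from 203.0.113.7 port 4102 ssh2
Jul 29 03:12:07 box sshd[2105]: Failed password for root from 203.0.113.7 port 4103 ssh2
Jul 29 09:30:15 box sshd[2210]: Accepted password for user1 from 192.168.0.4 port 50312 ssh2
Jul 29 11:02:40 box sshd[2300]: Failed password for admin from 198.51.100.9 port 3999 ssh2
Jul 29 11:02:44 box sshd[2302]: Accepted password for admin from 198.51.100.9 port 4000 ssh2
"""

# The user name in a failed attempt is chosen by the client and may itself contain
# " from <ip>", so the greedy (.*) plus the end anchor take the address from the
# LAST "from ... port N ssh2" on the line, which is the part sshd wrote.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?:(?:invalid|illegal) user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")

def summarize(lines):
    """Return {ip: {"failed": count, "accepted": [users]}} from sshd auth lines."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": []})
    for line in lines:
        m = FAILED.search(line)
        if m:
            stats[m.group(2)]["failed"] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m.group(2)]["accepted"].append(m.group(1))
    return dict(stats)

def classify(stats):
    """probe = failures only; login = success only; investigate = both from one source."""
    verdict = {}
    for ip, s in stats.items():
        if s["accepted"]:
            verdict[ip] = "investigate" if s["failed"] else "login"
        else:
            verdict[ip] = "probe"
    return verdict

if __name__ == "__main__":
    stats = summarize(SAMPLE.splitlines())
    for ip, label in sorted(classify(stats).items()):
        print(f"{ip:15} failed={stats[ip]['failed']} accepted={stats[ip]['accepted']} -> {label}")
```

A source that shows only failures matches the "rattling the door" case; a source with failures and an accepted login is the one worth following up in the full log.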
  #4  
Old 30th July 2006, 04:35 AM
Jman Offline
Registered User
 
Join Date: Mar 2004
Location: Minnesota, USA
Age: 28
Posts: 7,909
Quote:
Originally Posted by wneumann
That log does not say that anyone got in other than 192.168.0.4, which would be you.
That's assuming 192.168.0.4 was not hacked. Difficult to be too paranoid.
  #5  
Old 30th July 2006, 03:17 PM
wneumann Offline
Registered User
 
Join Date: Dec 2004
Posts: 512
Nope. It is easy to be too paranoid. See http://forums.fedoraforum.org/forum/...d.php?t=118451
  #6  
Old 30th July 2006, 08:09 PM
Flounder Offline
Registered User
 
Join Date: Dec 2005
Location: Arkansas
Age: 25
Posts: 1,096
Well, unless he has a wireless router, the 192.168.0.4 was more than likely him; otherwise, someone cruising in the neighborhood.
__________________
OS: Fedora 20 (x86_64), CentOS 6.4 (i686)
Laptop: Lenovo G530, CPU: Intel Pentium Dual Core T4200 2.00 GHz, Ram: 4GB DDR2-667, Hard Drive: 500GB HGST 7200RPM, Graphics: Mobile Intel GM45 Express, Wireless: Broadcom 4315
  #7  
Old 31st July 2006, 02:44 AM
Iron_Mike Offline
Registered User
 
Join Date: Jul 2005
Location: Ft Huachuca, AZ
Posts: 3,772
Quote:
Originally Posted by diamondnular

2. How I can secure my box as many softwares as in Windows? And where should I read and learn about security stuffs?

KC.
That's a good one. For the home based wireless network there are several deterrents to help but most people do not implement them. If someone is getting in using your 192.168.0.4 IP address, they are getting in on the LAN side, not the WAN side, probably wireless unless they have a cable to your router. Some of the easier holes to plug are:

1. Disable broadcast SSID (Take this with a grain of salt but this only deters the casual freeloading or someone trying to get in)

2. Enable encryption: WPA at the minimum, WPA2 is better, LEAP/PEAP better, VPN is better still. If using WPA/WPA2, use a 10 character password and not one that is a recognizable word.

3. Enable MAC filtering, even though MAC addresses can be spoofed

4. If using DHCP, limit the number of IP addresses that can be assigned. Most people miss this one: if you have 2 wireless devices, limit the range from 192.168.1.2 to 192.168.1.3; that way, if both your wireless devices are on and connected, no one else will be assigned an IP

5. Use SSH with password and the same applies: do not use a recognizable word, use random characters.


There are a few more that are more complicated to use, but if you're only worried about someone getting into your box, turn it off if not in use. Fedora does a pretty good job of securing itself out of the box but there is always room for improvement
  #8  
Old 31st July 2006, 06:16 AM
liro Offline
Registered User
 
Join Date: Oct 2005
Location: Switzerland
Age: 31
Posts: 233
Hi

http://forums.fedoraforum.org/forum/...d.php?t=109009 This how-to could be interesting for you. It describes the process of automatically blocking (ignoring) systems after a number of failed attempts...

cheers liro
__________________
some tips and small doc's of fedora core linux setup [german] http://www.liro.ch
  #9  
Old 31st July 2006, 10:11 AM
foobar47 Offline
Registered User
 
Join Date: Nov 2005
Location: France - Lille
Posts: 406
You are new to Linux. Ok, that's the first point.
You have been hacked? Really? No, pirated you mean...
Did you really need SSH?
__________________
My WebPage
RHCT for the moment !