Fedora Linux Support Community & Resources Center

Home Forums Posting Rules Linux Help Fedora Set-Up Guides Ask Fedora Fedora Project
Go Back   FedoraForum.org > Fedora 17/18 > Security and Privacy
Reload this Page Securing my machine
FedoraForum Search
Forgot Password? Join Us!
Register All Albums FAQ Search Today's Posts Mark Forums Read

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Closed Thread
 
Thread Tools Search this Thread Display Modes
  #1  
Old 15th August 2004, 07:04 PM
PsyGhost Offline
Registered User
  
Join Date: Aug 2004
Age: 24
Posts: 114
Securing my machine
A couple of monthes ago I used redhat linux and my friend asked for an access via SSH. I created normal user for him, and denied a direct root login to ssh. He activated an exploit and changed my root password. My question is what do I need to do in order to protect myself from these local exploits? upgrade the kernel? the openssh package?
  #2  
Old 15th August 2004, 07:14 PM
Picomp314's Avatar
Picomp314 Offline
Registered User
  
Join Date: May 2004
Posts: 532
sounds like a good friend to me...
there seem to be quite alot of exploits like that, with an ssh session it could be a large number of things, although i would defintely try to update the openssh package
  #3  
Old 15th August 2004, 07:36 PM
crackers's Avatar
crackers Offline
Retired Community Manager
  
Join Date: Feb 2004
Location: Seattle, WA, USA
Age: 56
Posts: 3,423
Quote:
Originally Posted by PsyGhost
A couple of monthes ago I used redhat linux and my friend asked for an access via SSH. I created normal user for him, and denied a direct root login to ssh. He activated an exploit and changed my root password. My question is what do I need to do in order to protect myself from these local exploits? upgrade the kernel? the openssh package?
First, I would get myself a new friend after beating this one to a bloody pulp. Notice that there is no smiley here. Your so-called friend is a ... well, I don't think I can post my exact thoughts here: it'd melt my keyboard and your monitor.

Secondly, I'd chroot the person until such time as they prove themselves worthy of being able to play nice.

The only way to prevent local exploits is to not let anyone in.
__________________
Linux User #28251 (April '93)
Professional Java Geek :cool:
  #4  
Old 15th August 2004, 07:43 PM
Picomp314's Avatar
Picomp314 Offline
Registered User
  
Join Date: May 2004
Posts: 532
word crackers
chroot jail
  #5  
Old 15th August 2004, 09:01 PM
PsyGhost Offline
Registered User
  
Join Date: Aug 2004
Age: 24
Posts: 114
I think you guys misunderstood.
He didn't destroy my system, he changed the root password just to show me he can, off course he gave me the new one, he's not that evil
How can I chroot jain him?
I'm using OpenSSH 3.6.1p2-34
  #6  
Old 16th August 2004, 01:56 AM
superbnerd
Guest
  
Posts: n/a
well, if he's your friend, ask him what exploit he used and reporrt it to the folks at openssh.com. also, is your system up2date? there have been several updates for ssh security fixes and the kernel. if he tells you what the exploit is then you will know he is not evil. if he withhold the info, kill his account.
  #7  
Old 10th July 2008, 12:42 PM
armann's Avatar
armann Offline
Registered User
  
Join Date: Nov 2007
Location: Iceland
Age: 33
Posts: 41
Quote:
Originally Posted by PsyGhost
I think you guys misunderstood.
He didn't destroy my system, he changed the root password just to show me he can, off course he gave me the new one, he's not that evil
How can I chroot jain him?
I'm using OpenSSH 3.6.1p2-34
Since he got into your system that's not the hardest thing in the world to do.
Like the others have said, great friend
  #8  
Old 10th July 2008, 12:49 PM
Wayne
Guest
  
Posts: n/a
Wow! you managed to dig up and post to a very dead four-year-old thread! There's only one thing for it, after closing it!

http://uk.youtube.com/watch?v=grbSQ6O6kbs

Wayne
Closed Thread

Tags
machine, securing

« Previous Thread | Next Thread »
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Securing a VPS eXDee Security and Privacy 12 23rd September 2009 08:41 PM
Securing a vps eXDee Security and Privacy 2 26th March 2009 03:46 PM
Need help in securing /tmp beyond Security and Privacy 15 1st March 2005 01:45 PM


Current GMT-time: 04:00 (Wednesday, 22-05-2013)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.
Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

 FedoraForum is Powered by RedHat