01-19-2005 02:52 AM
Re: How did they do this?
I would suspect an inside job, then start looking at the logs from other hosts from which they could have logged into this one. (I presume you know approximately when this happened?)
They wiped their fingerprints from the house they burgled, but did they wipe their footprints from the path outside?
01-19-2005 03:37 AM
Re: How did they do this?
I did have PAM set up to only allow root logins to members of the wheel group. If this was an inside job, then this would have been done by a wheel group member.
Even if I gave out the root passwd to the world, if you are not a member of the wheel group you cannot access the root account unless you are sitting at the console in a secure data center.
As to looking for outside footprints, there is no other access from other systems. The exception: members of the wheel group have access to the system from their local desktops, but firewalls prevent access from any other server within the data center. Access to the system was gained from the outside via VPN, else you hit the URL in your web browser.
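Added example, not part of the original post: a check for the wheel-only restriction described above, assuming it was implemented with `pam_wheel.so` in the `su` PAM stack (the post does not say which module or file was used). It distinguishes a `required` entry, which blocks non-members, from a `sufficient` one, which only lets wheel members through early and blocks nobody. The sample stacks are constructed, and bracketed control syntax and the `deny` option are not handled.

```shell
#!/bin/sh
# Audit a PAM "su" stack for the wheel-only restriction (assumed pam_wheel.so).
# Prints one verdict for the file given as $1:
#   enforced - an active "auth required|requisite pam_wheel.so" line exists
#   bypass   - pam_wheel.so is present but not required, so non-members
#              still fall through to normal password authentication
#   missing  - no active pam_wheel.so auth line at all
check_su_wheel() {
    awk '
        $1 ~ /^#/ || NF < 3 { next }    # skip comments and incomplete lines
        $1 == "auth" && ($3 == "pam_wheel.so" || $3 ~ /\/pam_wheel\.so$/) {
            if ($2 == "required" || $2 == "requisite") enforced = 1
            else seen = 1
        }
        END {
            if (enforced)  print "enforced"
            else if (seen) print "bypass"
            else           print "missing"
        }
    ' "$1"
}

# Constructed sample stacks (not taken from the system in this thread).
demo_dir=$(mktemp -d)
cat > "$demo_dir/su.enforced" <<'EOF'
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_wheel.so use_uid
auth       include      system-auth
EOF
cat > "$demo_dir/su.bypass" <<'EOF'
auth       sufficient   pam_rootok.so
auth       sufficient   pam_wheel.so trust use_uid
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
EOF
cat > "$demo_dir/su.missing" <<'EOF'
auth       sufficient   pam_rootok.so
auth       include      system-auth
EOF

for f in enforced bypass missing; do
    printf 'su.%s: %s\n' "$f" "$(check_su_wheel "$demo_dir/su.$f")"
done
```

On a real host the function would be pointed at `/etc/pam.d/su`; a verdict of `bypass` or `missing` means knowing the root password is enough for any local account.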
01-19-2005 04:21 AM
Re: How did they do this?
01-20-2005 01:41 AM
Re: How did they do this?
Also, someone posted that the passwords were possibly sniffed. This isn't true if you're using SSH.
01-20-2005 02:03 AM
Re: How did they do this?
It's been over a year since this incident. I have upgraded all packages. No further incidents have occurred.
Many thanks to all the ideas. I am keeping track of each and every one of these ideas as my baseline for setting up new systems.
I must close this thread now.
Again, thanks
01-20-2005 02:04 AM
Re: How did they do this?