I have two general queries, one specifc to the tcp_wrappers hosts.deny
file, and the other regarding general system security/anti-hack measures.
My hosts.deny file, containing 43 lines of hosts and domains, refuses some
hosts, but not all hosts listed in the file. There are no errors/warnings
written to the log. It seems that the hosts at the top of the file are
refused, but not those farther down.
This is tcp_wrappers 7.4 on DEC alpha 3.2g. The format of hosts.deny is
ALL : \
host.domain .domain \
domain host.domain \
:
Security in general:
This system gets continual hacks from around the world. Mostly, hackers
want to run eggdrop, and other irc software, but occasionally I find code
to take advantage of system vulnerabilities. At the suggestion of a DEC
support tech, I have removed world r/x privs from the c compiler. Login
activity is monitored daily: scripts run in cron nightly to look for the
most typical hack software and to look at logins from outside our domain,
passwords are changed daily on user accounts with 'suspicious' activity.
We run a couple of cracking software onsite, but find that most of the
hacked accounts do not match the accounts that are cracked onsite by us, so
assume other software and/or dictionaries are being used. We are running
base security, and cannot move to C2 until certain applications are
upgraded which will run under C2. I have a cron.allow/at.allow file in
/var/adm/cron, but that doesn't appear to occlude regular accounts from
submitting cron and at jobs. I've tried the /bin/Rsh, but that would not
stop anyone from reading the passwd file or other directory, just prevent
them from cd-ing to other directories, including the $home/subdirs.
We are a university and have a large graduate student population which
telnets in from job sites, so have not put up a firewall to shield our
domain, as we would have to allow them in anyway. We also have
international students who have the audacity to go home and connect from
their home countries (although I'm tempted to merely exclude indonesia and
certain other countries.)
Any other suggestions to make this site unattractive to hackers?
Thanks.
Carole Thompson
California Lutheran University
Received on Wed Sep 17 1997 - 21:10:33 NZST