The DU4.0B system that I manage (part time) has been compromised. I do not
know for sure the extent of the problem, but I assume that the attacker
has gained root. I do not know how this was done, but I do know that the
system is not carefully managed due to lack of institutional resources. It
has, no doubt, been in an insecure state for some time. The break-in does
not particularly surprise me (although it does annoy me).

I would like to first repair the current situation and also to increase
the security on the system so that this does not happen again. My plan is:

1. Back up user home directories and "critical" configuration files for
   some subsystems (like the DNS).
2. Install DU4.0D on the system _from scratch_. I would take this
   opportunity to repartition the system's disks while I'm at it (the current
   partitioning isn't optimal anyway).
3. Immediately activate enhanced security.
4. Restore user accounts and home directories *after* inspecting that
   information for security issues.
5. Reinstall various critical systems, probably from scratch, upgrading
   them in the process (why not?). For example: the web server and sendmail.

I welcome comments about this plan. Are there any significant steps I am
forgetting? Anything that I must watch out for? I'm not looking forward to
spending my time doing this, but I suppose it needed doing anyway!
*****************************************************************************
Peter
pchapin_at_twilight.vtc.vsc.edu
http://twilight.vtc.vsc.edu/~pchapin/
The philosophy of C++: "Nothing is false; everything else is true."
Received on Fri Dec 11 1998 - 16:01:37 NZDT
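As an added example (not part of the original post, and not a DU tool), a portable sh script for the "inspect before restoring" step of the plan above: it walks a restored copy of the home directories and lists the things an intruder with root typically leaves behind in user accounts, so a human can review them before anything is copied back onto the rebuilt host. The function names and the set of checks are my own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: audit a restored copy of the
# user home directories (e.g. /restore/home) before copying it back onto the
# freshly installed system. Every check is read-only; the output is a list of
# tagged paths for a human to review. Function names are hypothetical.

audit_home_tree() {
    root="$1"
    # Trust files that grant password-less r-command logins from other hosts.
    find "$root" -type f \( -name .rhosts -o -name .shosts \) -print \
        | sed 's/^/TRUST  /'
    # Nothing under a home directory legitimately needs setuid or setgid.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) -print \
        | sed 's/^/SUID   /'
    # World-writable files can be replaced by any local user.
    find "$root" -type f -perm -0002 -print | sed 's/^/WW     /'
    # A .forward that pipes mail into a program runs that program as the user.
    find "$root" -type f -name .forward -exec grep -l '|' {} \; \
        | sed 's/^/PIPE   /'
    # Directory names made only of dots, or with a trailing space, are easy
    # to overlook in ls output.
    find "$root" -type d \( -name '...' -o -name '. ' -o -name '.. ' \) -print \
        | sed 's/^/HIDDEN /'
    # Keys are listed for review rather than flagged: each needs a human decision.
    find "$root" -type f -name authorized_keys -print | sed 's/^/REVIEW /'
}

# Number of flagged items (REVIEW lines are informational and not counted).
audit_home_count() {
    audit_home_tree "$1" | grep -v '^REVIEW ' | wc -l | tr -d ' '
}

if [ $# -gt 0 ]; then
    audit_home_tree "$1"
    echo "flagged: $(audit_home_count "$1")"
fi
```

Run it against the restored tree, not the live one, and treat a non-zero count as "look before you copy", not as proof of anything by itself.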