From owner-freebsd-security@FreeBSD.ORG Fri Dec 17 15:51:38 2004
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5D2C216A4CE for ; Fri, 17 Dec 2004 15:51:38 +0000 (GMT)
Received: from stelesys.com (web1.stelesys.com [63.175.100.39]) by mx1.FreeBSD.org (Postfix) with ESMTP id D412043D2D for ; Fri, 17 Dec 2004 15:51:37 +0000 (GMT) (envelope-from jerry@syslog.org)
Received: from [127.0.0.1] (helo=www.stelesys.com) by stelesys.com with esmtpa (Exim 4.43 (FreeBSD)) id 1CfKOF-000OVC-4G for freebsd-security@freebsd.org; Fri, 17 Dec 2004 10:51:35 -0500
Received: from 209.134.164.137 (SquirrelMail authenticated user jerry@syslog.org); by www.stelesys.com with HTTP; Fri, 17 Dec 2004 10:51:35 -0500 (EST)
Message-ID: <2641.209.134.164.137.1103298695.squirrel@209.134.164.137>
Date: Fri, 17 Dec 2004 10:51:35 -0500 (EST)
From: "Jerry Bell"
To: freebsd-security@freebsd.org
User-Agent: SquirrelMail/1.4.3a
X-Mailer: SquirrelMail/1.4.3a
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Subject: re: Strange command histories in hacked shell server
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Security issues [members-only posting]
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Fri, 17 Dec 2004 15:51:38 -0000

Did I understand correctly, that anyone can connect to the shell server and create an account for themselves?

I have a somewhat rudimentary hardening guide for FreeBSD at http://www.syslog.org/Content-5-4.phtml

I've tried to keep it up-to-date, but I have yet to incorporate MAC, which I think will help out a good bit more.

I hope you find this useful.

Jerry
http://www.syslog.org

Ganbold micom.mng.net> wrote:
>Please give me some advice and info regarding this kind of hack.
>What should I do in order to secure my shell server? I mean except
>securelevel, unneeded services etc.
>Can somebody give me some hints on file and directory permissions?
>Is there anybody who has similar server config and already had such issues
>and problems?