From owner-freebsd-questions Tue May 9 3:44:30 2000 Delivered-To: freebsd-questions@freebsd.org Received: from janus.hosting4u.net (janus.hosting4u.net [209.15.2.37]) by hub.freebsd.org (Postfix) with SMTP id 62DD237BABE for ; Tue, 9 May 2000 03:44:27 -0700 (PDT) (envelope-from andy@friends-tv.net) Received: (qmail 23825 invoked from network); 9 May 2000 10:44:16 -0000 Received: from jupiter.hosting4u.net (HELO friends-tv.net) (209.15.2.9) by janus.hosting4u.net with SMTP; 9 May 2000 10:44:16 -0000 Received: from blade ([195.217.160.44]) by friends-tv.net ; Tue, 09 May 2000 05:44:14 -0500 Message-ID: <000b01bfb9a3$e960b460$0100a8c0@blade> From: "Andy Coates" To: Subject: Making by box "non rootable" Date: Tue, 9 May 2000 11:46:59 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.00.2919.6700 X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, I will be shortly putting my FreeBSD3.4-STABLE machine on the net, and will be giving various people user accounts. Can anyone give me a list of, or a website with, the most common ways "hackers" gain root, and most importantly ways on stopping them. The main services I will be running are Apache, MySQL, FTP, Qmail - all of which are recent versions, and hopefully none of those have exploits. I'm hopefully not stupid, and I'd like to think I have everything covered - but if someone did gain root, is there a way that I can tell this from the logs? Or would they just delete those entries anyway? Maybe some other logging program? My main worry is that they could wipe everything - and not having any backup tapes or anything REALLY would upset me. I also keep a close eye on Bugtraq - is this the best way to keep informed and watch out for any new exploits that I can quickly take care of? TIA, Andy. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message