Date: Sat, 22 Sep 2001 21:41:36 -0500
From: Rob Andrews <rob@cyberpunkz.org>
To: jason <kib@mediaone.net>
Cc: Rob <europax@home.com>, ybbor@freedom.net, freebsd-questions@FreeBSD.ORG
Subject: Re: Freebsd being hacked
Message-ID: <20010922214136.B9739@switchblade.cyberpunkz.org>
In-Reply-To: <01c801c143cd$c9dc4fe0$89941bd8@speakeasy.net>; from kib@mediaone.net on Sat, Sep 22, 2001 at 09:19:22PM -0400
References: <20010921160628.5AD2337B41A@hub.freebsd.org> <3BAB66EB.2C80217B@home.com> <01c801c143cd$c9dc4fe0$89941bd8@speakeasy.net>
On Sat, Sep 22, 2001 at 09:19:22PM -0400, jason wrote:
> Then after the system boot up to the command prompt mount your drives with:
> mount -A

Ok, first off, it's not -A :) it's -a to mount all file systems. Before you mount all the file systems in single-user mode it would be advisable to run fsck on the file systems to ensure they are all clean before you mount them. Better safe than sorry :)

> At that point you should be able to use the passwd command. Also you should
> NEVER allow telnet access to the root or toor accounts (at least in my
> opinion). If you need root access from remote then create a regular account
> and add it to the wheel group. You can login and use the SU command to deal
> with root tasks.

Telnetting to any system and then using su for root is a bad idea. As a matter of fact, sudo can be dangerous if you allow full access or critical application access over an unencrypted connection. It would be far more advisable to set up sshd on a system for this purpose if you must insist upon logging in as root. However, I would suggest setting up sudo and logging in as a regular user instead.

> Also be sure that you either delete toor or set a password for it. I
> personally do not like the account so I delete it after install.

toor is a locked account by default. I fail to see, from what he was talking about, where deleting the toor account would have made any real difference, since it would appear that someone possibly jacked the account and set a password on it so they could attempt to move semi-silently on the system as root without in fact being "root". I use the toor account quite a bit since I am not a csh/tcsh fan. It's come in very handy since I'm comfortable in that environment. I've no need to tamper with either root or toor, since some people who admin a system prefer csh while others like bash.

With toor and root both intact and set up per the default on the system, I have yet to see any real troubles related directly to toor that would not also directly affect the root login. So I don't really see your logic in changing the default, since it was thought out well in the first place or it would not have been installed that way by the folks building the FreeBSD default install.

Also, my question to the originator of this email would be: what pop3 server was being used on the system? It would appear that it was possibly an exploit used via pop3 to gain access to the system, maybe. My thought is that possibly this is related to qpopper, since I heard not so long ago that there was an exploit being used against qpopper for something similar to this very problem.

Just my 2 cents.

Cheers..

--
Rob Andrews
Administrator
Cyberpunk Alliance
http://www.cyberpunkz.org/
Minneapolis, MN

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7rUvgAXwJ9YLqJJURAmIpAJ9yYsuxlMmEo6wW9EClQ3EN5h9+BwCfWvzo
qEd+RHy4CfZ3zH2GeCbOZ2Q=
=ZK2q
-----END PGP SIGNATURE-----
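The point Rob makes about toor (locked by default, dangerous only if someone sets a password on it) generalizes to every UID-0 account: after regaining root in single-user mode, the check worth running is "which accounts have UID 0, and is each one's password locked, set, or empty?". The script below is an added example written for this archive page, not code from the thread or from FreeBSD itself. It reads a master.passwd(5)-style file (the real one is /etc/master.passwd, root-readable only); the file contents here are constructed sample data, including a hypothetical "backup" account with UID 0 of the kind an intruder might add, and the hash strings are made up. The function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the original thread): audit every UID-0 account in a
# FreeBSD master.passwd(5)-format file and classify its password field.
# Field layout: name:password:uid:gid:class:change:expire:gecos:home:shell
# The sample below is constructed for this example; the hashes are not real.
SAMPLE_MASTER_PASSWD='root:$1$abcdefgh$1234567890123456789012:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
backup:$1$zzzzzzzz$zzzzzzzzzzzzzzzzzzzzzz:0:0::0:0:hypothetical intruder account:/tmp:/bin/sh
bob:$1$qwertyui$qwertyuiopqwertyuiopqw:1001:1001::0:0:Bob:/home/bob:/usr/local/bin/bash'

# classify_password HASH -> prints "empty", "locked" or "set"
#   empty : no password at all, so any login attempt succeeds
#   locked: field starts with "*" ("*" or "*LOCKED*..."), which no hash can match
#   set   : a real hash is present; for toor this is the condition Rob describes
classify_password() {
    case "$1" in
        '')   echo empty ;;
        '*'*) echo locked ;;
        *)    echo set ;;
    esac
}

# audit_uid0 FILE -> one line per UID-0 account: "name status shell"
# An empty shell field means /bin/sh, as passwd(5) documents.
audit_uid0() {
    awk -F: '$3 == 0 { print $1, $2, $10 }' "$1" |
    while read -r name hash shell; do
        printf '%s %s %s\n' "$name" "$(classify_password "$hash")" "${shell:-/bin/sh}"
    done
}

# count_unexpected_uid0 FILE -> number of UID-0 accounts other than root and toor
count_unexpected_uid0() {
    awk -F: '$3 == 0 && $1 != "root" && $1 != "toor"' "$1" | grep -c ''
}

# Stand-alone run: write the constructed sample to a temp file and audit it.
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_MASTER_PASSWD" > "$tmp"
    audit_uid0 "$tmp"
    echo "unexpected UID-0 accounts: $(count_unexpected_uid0 "$tmp")"
    rm -f "$tmp"
fi
```

On a real FreeBSD host run it as root against /etc/master.passwd (the /etc/passwd copy has the password field replaced with "*" and would report every account as locked). Any UID-0 account other than root and toor, or a toor whose status is "set" when nobody deliberately gave it a password, is the kind of change the thread is discussing.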
