[clug] Stopping them at the door
Paul Wayper
paul.wayper at anu.edu.au
Mon Feb 14 00:33:37 GMT 2005
Hi there!

As a good administrator, I read the nightly logs of attempted logins and
send a message to the abuse contacts for each IP that tries to do a
login scan of my machine. All of the attacks I've seen so far are just
scans of common insecure logins, but what I'm worried about is coming in
in the morning to find the logs saying someone's bashed away with a
brute force password checker and found my password (they'll be trying to
find an eight-letter made-up word, and I imagine if they started a
minute after I left in the afternoon they'd still be bashing away on it
by the time I came back next morning).

The question I have is: if someone's managed to get access to a non-root
account, how certain is it that they can get root access? Is it just
going to be a matter of uploading a program or typing in a special
command, or is there something I can do to slow these types of attacks
down? Is SELinux the answer? Or is it just a matter of picking good
passwords for all the login accounts and hoping?

On a related note, how do I lengthen the amount of time the system
stores the security logs?

Thanks in advance,

Paul
--
-- Paul Wayper at ANU - +61 2 6125 0643