[clug] Stopping them at the door

Paul Wayper paul.wayper at anu.edu.au
Mon Feb 14 00:33:37 GMT 2005

Hi there!

As a good administrator, I read the nightly logs of attempted logins and 
send a message to the abuse contacts for each IP that tries to do a 
login scan of my machine.  All of the attacks I've seen so far are just 
scans of common insecure logins, but what I'm worried about is coming in 
in the morning to find the logs saying someone's bashed away with a 
brute force password checker and found my password (they'll be trying to 
find an eight letter made-up word, and I imagine if they started a 
minute after I left in the afternoon they'd still be bashing away on it 
by the time I came back next morning.)

The question I have is: if someone's managed to get access to a non-root 
account, how certain is it that they can get root access?  Is it just 
going to be a matter of uploading a program or typing in a special 
command, or is there something I can do to slow these types of attacks 
down?  Is SELinux the answer?  Or is it just a matter of picking good 
passwords for all the login accounts and hoping?

On a related note, how do I lengthen the amount of time the system 
stores the security logs?

Thanks in advance,


-- Paul Wayper at ANU - +61 2 6125 0643

More information about the linux mailing list