simon@kmun.gov.kw wrote:
> I found out that my grep utility was corrupted, the size being reduced,
> which is a clear sign that the pc was attacked.
>
> Now I would appreciate if you could just let me know how it could be
> hacked or if I needed to block any other port apart from the above.
>
> Or do I need to have any IDS or IPS detection system in addition to the
> firewall software.

Your biggest failing is that you have not kept your server (and firewall) updated with software that has regular security updates (neither Red Hat 8 nor Red Hat 9 is supported any more).

Running a firewall with correct firewall rules is absolutely no guarantee against getting hacked. That is why we always recommend that your internet-accessible servers be placed on a LAN segment by themselves. That way, when one of them gets hacked, the hacker doesn't have unrestricted access to your other internal systems.

A firewall is only one component of a total security strategy. Equally important components of that strategy are:

a) Keep your internet-accessible servers at current release levels with the most current security updates.
b) Keep your anti-virus software up to date.

-Tom
--
Tom Eastep    \ Nothing is foolproof to a sufficiently talented fool
Shoreline,     \ http://shorewall.net
Washington USA  \ teastep@shorewall.net
PGP Public Key   \ https://lists.shorewall.net/teastep.pgp.key

Dear All,

I have a Red Hat 8 Linux server running Shorewall firewall version 3.0.6, and I have another Red Hat Linux 9 server running as a webserver, which has my sql database and also sendmail running. I have a rule allowing only port 80 and ports 25 and 110 for accessing the webserver and mails.

Recently I restarted the server and it refused to boot, giving me an error message "segmentation fault" when the grep command is run, and it used to hang at booting.

I found out that my grep utility was corrupted, the size being reduced, which is a clear sign that the pc was attacked.

Now I would appreciate if you could just let me know how it could be hacked or if I needed to block any other port apart from the above.

Or do I need to have any IDS or IPS detection system in addition to the firewall software.

Thanks and Regards
Appreciate your help

regards
simon

Hello,

I would also recommend having an IDS like (www.snort.org) in inline or network modes; that will keep you on track with what is going on.

I also recommend reading the logs and root mail (that is healthy from my point of view).

If you are paranoid (like me), you may use http://sourceforge.net/projects/tripwire/

And security updates are important.

Kind Regards
Samer

----- Original Message -----
From: "Tom Eastep" <teastep@shorewall.net>
To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
Sent: Sunday, November 26, 2006 6:47 AM
Subject: Re: [Shorewall-users] query on shorewall firewall
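
The file-integrity baseline idea behind the Tripwire recommendation above, as an added shell example (not part of the thread and not Tripwire's own code). The function names `baseline` and `verify` and the "size sha256 path" manifest format are assumptions of this example.

```shell
#!/bin/sh
# Added example: record a known-good baseline of a directory of binaries,
# then report any file whose size or content has changed since.
# Manifest format (assumed for this example): "<size> <sha256> <path>".

# baseline DIR MANIFEST: record size and SHA-256 of every regular file in DIR.
# Keep MANIFEST outside DIR so it does not list itself.
baseline() {
    find "$1" -type f | sort | while IFS= read -r f; do
        printf '%s %s %s\n' "$(wc -c < "$f" | tr -d ' ')" \
            "$(sha256sum "$f" | cut -d' ' -f1)" "$f"
    done > "$2"
}

# verify MANIFEST: print one line per deviation; return 1 if any was found.
verify() {
    status=0
    while read -r size hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; status=1; continue
        fi
        now_size=$(wc -c < "$path" | tr -d ' ')
        now_hash=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$now_size" != "$size" ]; then
            # The symptom reported in this thread: the binary got smaller.
            echo "SIZE $path $size -> $now_size"; status=1
        elif [ "$now_hash" != "$hash" ]; then
            # Same size, different bytes: only a hash comparison catches this.
            echo "HASH $path"; status=1
        fi
    done < "$1"
    return $status
}

# Command-line use: "script baseline DIR MANIFEST" or "script verify MANIFEST".
case "${1:-}" in
    baseline) baseline "$2" "$3" ;;
    verify)   verify "$2" ;;
esac
```

Store the manifest off the host or on read-only media, because anyone able to replace a binary can also rewrite a manifest kept beside it. A reported deviation says that the file changed, not why: a failing disk or bad RAM produces the same output as tampering.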

And given that it's just grep that's corrupt, please do check the SMART status on your HDD, and do a memtest.

Prasanna.

On 11/26/06, Samer Y. Azmy <samer_symantec@hotmail.com> wrote:
> Hello,
>
> I would also recommend having an IDS like (www.snort.org) in inline or
> network modes
>
> that will keep you on track with what is going on
>
> I also recommend reading the logs, and root mail (that is healthy from my
> point of view)
>
> If you are paranoid (like me), you may use
> http://sourceforge.net/projects/tripwire/
>
> and security updates are important
>
> Kind Regards
> Samer
> ----- Original Message -----
> From: "Tom Eastep" <teastep@shorewall.net>
> To: "Shorewall Users" <shorewall-users@lists.sourceforge.net>
> Sent: Sunday, November 26, 2006 6:47 AM
> Subject: Re: [Shorewall-users] query on shorewall firewall

Prasanna Krishnamoorthy wrote:
> And given that it's just grep that's corrupt, please do check the
> SMART status on your HDD, and do a memtest.

I concur - hard disk or memory going bad sounds the most likely from the description.

Paul

Thanks Prasanna,

It can be memory, because I have swapped the HDD on an identical different machine and the same problem.

And if I use the rescue mode I can mount all my partitions and see everything.

Also, when I try to install Red Hat, I mean upgrade, at the time of installing packages it shows me the first package name --- package kernel-BOOT-2.4.20.8, finishes it and just hangs.

Appreciate if you could let me know, as I don't wanna format the HDD.

Thanks and Regards

simon

> Prasanna Krishnamoorthy wrote:
>> And given that it's just grep that's corrupt, please do check the
>> SMART status on your HDD, and do a memtest.
>
> I concur - hard disk or memory going bad sounds the most likely from the
> description.
>
> Paul

> Thanks Prasanna,
> It can be memory, because I have swapped the HDD on an identical different
> machine and the same problem.
>
> And if I use the rescue mode I can mount all my partitions and see
> everything.
>
> Also, when I try to install Red Hat, I mean upgrade, at the time of installing
> packages it shows me the first package name --- package kernel-BOOT-2.4.20.8,
> finishes it and just hangs.
>
> Appreciate if you could let me know, as I don't wanna format the HDD.
>
> Thanks and Regards
>
> simon

I think that Red Hat 8/9 will not work at all, sorry, and anyway your firewall will be, most likely, useless, running such an arcane and unsupported thing.