
BLU Discuss list archive



break-in attempts on my server



On Sun, Nov 20, 2005 at 05:15:35PM -0500, David Kramer wrote:
> 
> Note that I had just done a SuseWatcher upgrade.  I don't remember
> what it upgraded, and don't know how to find out, but based on the
> timing, I assume that's what killed Postfix.

Perhaps pay more attention to what the upgrade tool is doing under the
hood.  If there isn't an easy way to find out, consider using a
different tool.  Updaters shouldn't kill running servers; they should
ensure that the servers are restarted after the update.  It's not clear
if that's what's happening here.

> So I started combing through my /var/log/messages and found LOTS of
> entries like:
>
8>< [ log entries ]
> 
> Is there *anything* else I can do?

Firewall rules are a start.  I would also disable password
authentication, and use public keys.  There's also the obvious stuff
like disabling root logins, etc.

-David
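
The sshd settings recommended in the reply above (no password authentication, public keys, no root logins) can be checked mechanically. The following is an added example, not part of the original message: it audits the global section of an `sshd_config`, and the sample file, function names and the choice to report unset keywords are assumptions made for illustration.

```python
import re

# Values the reply recommends. PubkeyAuthentication is included so that
# turning passwords off does not leave the server without a login method.
WANTED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
}

def effective_global_settings(config_text):
    """Return {keyword: value} for the global section of an sshd_config.

    sshd uses the first value it reads for each keyword, keywords are
    case-insensitive, and everything after a Match line is conditional,
    so parsing stops there.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = parts[0].lower()
        if keyword == "match":
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # first occurrence wins
    return settings

def audit(config_text):
    """List (keyword, found, wanted) for settings that are unset or differ.

    Unset keywords are reported (assumption of this example) so the result
    does not depend on the defaults of the installed OpenSSH version.
    """
    found = effective_global_settings(config_text)
    return [(k, found.get(k, "unset"), want)
            for k, want in WANTED.items() if found.get(k) != want]

# Constructed sample, not taken from the server discussed in the thread.
SAMPLE = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no
Match User backup
    PasswordAuthentication no
"""

if __name__ == "__main__":
    for keyword, have, want in audit(SAMPLE):
        print(f"{keyword}: found {have!r}, want {want!r}")
```

The sample shows two easy mistakes: a commented-out `PasswordAuthentication no` has no effect, and a later `PermitRootLogin no` is ignored because the earlier `yes` was read first.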




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
