break-in attempts on my server

David Kramer david at thekramers.net
Sun Nov 20 19:03:05 EST 2005 

David Hummel wrote:
> On Sun, Nov 20, 2005 at 05:15:35PM -0500, David Kramer wrote:
>>Note that I had just done a SuseWatcher upgrade.  I don't remember
>>what it upgraded, and don't know how to find out, but based on the
>>timing, I assume that's what killed Postifx.
> 
> Perhaps pay more attention to what the upgrade tool is doing under the
> hood.  If there isn't an easy way to find out, consider using a
> different tool.  Updaters shouldn't kill running servers, they should
> ensure that the servers are restarted after the update.  It's not clear
> if that's what's happening here.

I ran the update by hand, and I looked over the list, so I *knew* what it
installed, but I no longer did.  I may try to do some script funkiness to do
rpm -qai and see packages installed today, but it's history.  It came back
up fine, and seems to be working fine.  If I get bored enough, I might
restore /etc/postfix from my last backup and compare them.

I agree it shouldn't have happened.

>>So I started combing through my /var/log/messages and found LOTS of
>>entries like:
>>
> 8>< [ log entries ]
>>Is there *anything* else I can do?
> 
> Firewall rules are a start.  I would also disable password
> authentication, and use public keys.  There's also the obvious stuff
> like disabling root logins, etc.

I hesitate to go that route because it means I can't walk up to any
internet-enabled computer and connect to my server, as often happens.

Root logins were already disabled, though I did take dsr's idea and put in
the AllowUsers line to only allow ssh logins for about 4 users that need it.
 For some reason, that variable was not in the config file template.  That
server is still running SuSE 9.0, so maybe it's a newer option.

I did change the root password to an even harder one, and rebooted to make
sure everything came back up right.

Thanks all.  I guess it's best to just ignore it, now that I tightened up
ssh a little and ensured nothing actually got through.


-- 
DDDD   David Kramer         david at thekramers.net       http://thekramers.net
DK KD
DKK D  War- the first resort of the unimaginative
DK KD
DDDD

More information about the Discuss mailing list