SUMMARY: security

From: Pandey, Abhimanyu <>
Date: Fri Nov 24 2006 - 12:46:18 EST
Thanks to all for the response.

I have managed to keep the system quite secure until now help from and all of you.

As I prepare to move to a new job (sun admin also) my main concern is
that since there will be a time lag before a new sys admin gets in I
feel morally and realistically obligated to secure our current servers
as much as I can.  Thank you all for those responses.  It will serve my
friends here well.


Ric Anderson [ric@Opus1.COM]

* Go to and subscribe to Sun Alerts so you get

   email from Sun about security issues.

* Make sure you download and install the recommended OS patch cluster


* Disable any network services you don't absolutely know you need.

* Install a package that lets you monitor the MD5 checksums of all

   files and directories, and run the monitor daily (or more often if

   load permits and perceived threat requires it).

* Scan your system daily for new or changed setuid/setgid files, and new

   or changed .rhosts, .shosts, files.

* Monitor the system for multiple instances of inetd, not owned by pid

   One of the break in kits starts an inetd on a (usually deleted)
config file

   that opens a back door on your system.

* Use your router facilities to disable all inbound traffic to your
server subnet

   except for those host/port pairs that you want to be visible outside
your subnet.

Luke Hinds []

Really depends on the level of skill of the individual that has (if they
have) compromised the system.

What leads you into thinking the box may have been hacked?

There are a lot of root kits. Most of them replace binaries such as
netstat, ifconfig, who, history etc to cover up any activity on the box.

If machine has been compromised (depending on its vitalness to be
online) get it off your network, work on it in isolation of any networks
and then rebuild if need be.

After this use an application (like yasp) that creates a checksum of all
your files and then store the database on an read-only floopy. You can
then run a cron job to compare and highlight any descrepencies or
tampering (and get the alarm emailed to you), and of course patch
everything to the latest revision. Also disable any services not needed
(finger, sendmail, rlogin, rcopy etc).

Mauricio Tavares []

tripwire perhaps?

Hutin Bertrand []

you may try to check running processes and file integrity.

for packages use pkgchk

for other files you may install aide (available on sunfreeware)



Abhimanyu Pandey
Information Technologies
Worcester State College
Worcester, MA 01602
Office: 508-929-8913


From: Pandey, Abhimanyu
Sent: Friday, November 24, 2006 11:24 AM
To: ''
Subject: security

Happy Thanksgiving to all of you!

Just a small question:

How does one know that one's unix/solaris system has been
compromised/broken into.

I did read about the root kit, etc, auditing, but is there anything

other than above?

Hence there are two parts to the problem:

One: How to secure?

Two: How to find out if there has been a breach?

Abhimanyu Pandey
Information Technologies
Worcester State College
Worcester, MA 01602
Office: 508-929-8913
sunmanagers mailing list
Received on Fri Nov 24 12:46:56 2006

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:44:03 EST