Date:      Sat, 22 Sep 2001 21:41:36 -0500
From:      Rob Andrews <rob@cyberpunkz.org>
To:        jason <kib@mediaone.net>
Cc:        Rob <europax@home.com>, ybbor@freedom.net, freebsd-questions@FreeBSD.ORG
Subject:   Re: Freebsd being hacked
Message-ID:  <20010922214136.B9739@switchblade.cyberpunkz.org>
In-Reply-To: <01c801c143cd$c9dc4fe0$89941bd8@speakeasy.net>; from kib@mediaone.net on Sat, Sep 22, 2001 at 09:19:22PM -0400
References:  <20010921160628.5AD2337B41A@hub.freebsd.org> <3BAB66EB.2C80217B@home.com> <01c801c143cd$c9dc4fe0$89941bd8@speakeasy.net>

On Sat, Sep 22, 2001 at 09:19:22PM -0400, jason wrote:
> Then after the system boots up to the command prompt mount your drives with:
> mount -A

Ok, first off it's not -A :) it's -a to mount all file systems.  Before you
mount all the file systems in single user mode it would be advised to
run fsck on the file systems to ensure they are all clean before you
mount them.  Better safe than sorry :)

> At that point you should be able to use the passwd command.  Also you should
> NEVER allow telnet access to the root or toor accounts (at least in my
> opinion).  If you need root access from remote then create a regular account
> and add it to the wheel group.  You can login and use the SU command to deal
> with root tasks.

Telnet to any system and then using su for root is a bad idea.  As a matter
of fact sudo can be dangerous if you allow full access or critical application
access on an unencrypted connection.

It would be far more advised to set up sshd on a system for this purpose if
you must insist upon logging in as root.  However I would suggest setting
up sudo and logging in as a regular user instead.

> Also be sure that you either delete toor or set a password for it.  I
> personally do not like the account so I delete it after install.

toor is a locked account by default.  I fail to see from what he was
talking about where deleting the toor account would have made any real
difference since it would possibly appear that someone jacked the account
and did set a password on it so they could attempt to move semi-silently
on the system as root without in fact being "root".

I use the toor account quite a bit since I am not a csh/tcsh fan.  It's
come in very handy since I'm comfortable in that environment.  I've no
need to tamper with either root or toor since some people prefer csh that
admin on a system while others like bash.  With toor and root both intact
and set up per default on the system I have yet to see any real troubles
related directly to toor that would not also directly affect the root
login.  So I don't really see your logic in changing the default since it
was thought out well in the first place or it would not have been installed
that way by the folks building the FreeBSD default install.

Also my question would be to the originator of this email, what pop3 server
was being used on the system since it would appear that it was possible there
was an exploit used via pop3 to gain access to the system maybe.  My thought
is that possibly this is related to qpopper since I heard not so long ago that
there was an exploit being used against qpopper for something similar to this
very problem.

just my 2 cents..

Cheers..

-- 
Rob Andrews
Administrator
Cyberpunk Alliance
http://www.cyberpunkz.org/
Minneapolis, MN
