[ale] I was hacked!
    Jim Kinney 
    jim.kinney at gmail.com
       
    Tue Nov  5 09:00:31 EST 2019
    
    
  
+1. Off-machine logging is essential for systems that are internet-facing
or have other security requirements.

On Tue, 2019-11-05 at 13:55 +0000, Lightner, Jeffrey via Ale wrote:
> If your logging isn't going somewhere else (e.g. a centralized log
> server) and you're not sending email for every login you might not
> know who did a sudo as the hacker might know to clear the logs on the
> server they hacked.  
> 
> -----Original Message-----
> From: Ale <ale-bounces at ale.org> On Behalf Of Neal Rhodes via Ale
> Sent: Monday, November 04, 2019 8:38 PM
> To: Byron Jeff <byronjeff at clayton.edu>; Atlanta Linux Enthusiasts <ale at ale.org>
> Subject: Re: [ale] I was hacked!
>
> Well, not allowing anyone to login as root anywhere except the
> physical console tty does mean that at least you have some clue as to
> "Who the heck is logged in"?
> and if someone has done a sudo, you can track it back to an original
> login.
> Yer still hacked, but you may have someone to shoot.
> 
> On 2019-11-04 15:57, Byron Jeff via Ale wrote:
> > I thought the same in the first minute, but realized that it
> > doesn't add any operational security. If machine A, user B is
> > compromised (B at A) and B's keys are used to login to B at C using
> > keys, and B has sudo access, then it's trivial for the hacker to
> > login to B at C, change B's password on C, then use it to gain root
> > access on C.
> > I almost start to wonder if passwordless keys really improve
> > security.
> > BAJ
> > On Mon, Nov 04, 2019 at 04:10:41PM -0500, dj-pfulio via Ale wrote:
> > > > > directly. Perhaps 2006?  First thing I do on any new machine
> > > > > is add an account with sudo rights.
> > > > 
> > > > I don't see the operational difference between ssh'ing into
> > > > root (using a key) and ssh'ing into another account using a key
> > > > and then sudo'ing to root.  You're still getting into the
> > > > machine via a key?
> > > 
> > > 2 authentication levels seems to be better than 1, but everyone
> > > has different requirements.
> > > _______________________________________________
> > > Ale mailing list
> > > Ale at ale.org
> > > https://mail.ale.org/mailman/listinfo/ale
> > > See JOBS, ANNOUNCE and SCHOOLS lists at 
> > > http://mail.ale.org/mailman/listinfo
-- 
James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/
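
The point made in this thread about tracing a sudo back to an original login, using the copy of the logs held on a separate log server, can be sketched as follows. This is an added example and not part of any poster's message; the log lines are constructed, the host and user names are hypothetical, and pairing a sudo event with the most recent SSH login by the same user on the same host is a heuristic, since the sudo line carries no session identifier.

```python
import re
from datetime import datetime

# Constructed sample lines in the usual syslog format for sshd and sudo.
SAMPLE = """\
Nov  4 15:40:02 hostC sshd[2211]: Accepted publickey for userb from 203.0.113.7 port 51514 ssh2
Nov  4 15:41:10 hostC sudo:    userb : TTY=pts/0 ; PWD=/home/userb ; USER=root ; COMMAND=/usr/bin/passwd userb
Nov  4 15:50:00 hostC sshd[2301]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Nov  4 15:52:30 hostC sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
Nov  4 16:05:00 hostC sudo:    carol : TTY=tty1 ; PWD=/root ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
LOGIN = re.compile(PREFIX + r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) ")
SUDO = re.compile(PREFIX + r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

def parse_ts(ts, year=2019):
    # Classic syslog timestamps carry no year; it is supplied here.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def trace_sudo(lines):
    """Pair each sudo event with the latest earlier SSH login by that user on that host."""
    last_login = {}   # (host, user) -> (time, method, ip)
    findings = []
    for line in lines:
        m = LOGIN.match(line)
        if m:
            last_login[(m["host"], m["user"])] = (parse_ts(m["ts"]), m["method"], m["ip"])
            continue
        m = SUDO.match(line)
        if m:
            login = last_login.get((m["host"], m["user"]))
            findings.append({
                "host": m["host"], "user": m["user"], "target": m["target"], "command": m["cmd"],
                "login_method": login[1] if login else None,
                "source_ip": login[2] if login else None,   # None: no remote login seen
                "seconds_after_login": (parse_ts(m["ts"]) - login[0]).total_seconds() if login else None,
            })
    return findings

if __name__ == "__main__":
    for f in trace_sudo(SAMPLE.splitlines()):
        print(f)
```

A sudo event with no matching remote login (the third finding in the sample) is either a console session or a sign that login records are missing, which is worth checking against the originating host.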