Hi,
On Mon, 30 Oct 2006, Conor Daly wrote:
> Due to a weak password on one of the kid's accounts and turning on
> password authentication in ssh (see the thread on nxserver), our home
> server got cracked.
Ouch.
> I'm rebuilding the server but I'm just wondering if I'll need to clean out
> all the user accounts too. I have a backup that's fairly recent so
> there'll be no great loss but I'll have to go to a bit of effort to retain
> their recent email.
>> Any thoughts?
Chances are there would be little to be gained from modifying most of the
files in a home dir -- given that person already has rooted you. Likely
candidates might include anything executable, .bashrc, .profile, etc. If
you have recent backups, you might use rsync or something similar to get a
list of what files have changed in each home dir, then peruse anything that
seems unusual.
iSync might be useful if you drop to backups and want to just sync the
email up.
> Oh, and Frank, I'll need to talk to you a bit more about those twin
> sshd_configs you use... :-)
It's fairly straightforward, assuming you can use either two difference
ip addresses or two different ports to bind the two instances to.
https://lists.ubuntu.com/archives/edubuntu-devel/2006-October/001801.html
If your kids don't actually need ssh, I'd suggest using AllowUsers to
restrict access to it.
Gavin
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
