On 27/06/12 19:18, Seth Vidal wrote:
> On Wed, 27 Jun 2012, Dov-el wrote:
>> Someone has broken into my fedora 13 machine. Aside from closing
>> unused ports on the firewall and router and disabling unused services,
>> what should I be doing to harden my set up? Tripwire? AIDE?
>> What else? Thanks in advance!
> you should stop running out of date releases like fedora 13. Shut your
> system down and reinstall from scratch.
security mailing list
Also, this is the wrong list to seek support for such an issue from.
Further, Seth is right: make a backup, reinstall, analyse the backup. Do NOT
reuse data from the backup, especially web code specific data. This includes
databases. Everything on the machine should be deemed compromised. File
a law enforcement notice in your country to protect yourself from abuse
claims, and remove the machine from the network. Keep the hard drive untouched
in case of forensic analysis (this should be a preferred method over a
reinstall on the same hard drive), that your law enforcement department
might want to undertake. Any tainted evidence is useless evidence. Also
note that, at least in the UK, you are responsible for the safe operation
of your system; running a Fedora 13 release, which ended support over a
year ago, is hardly fulfilling the requirement.
Maybe you should consider using Red Hat Enterprise or, if it must be and
you do not need support, CentOS. Otherwise, make sure you maintain your
Fedora release in production. This takes considerable effort and is
not for everyone. I run multiple Fedora systems in production and they
require constant maintenance.
Tristan Santore BSc MBCS
Network and Infrastructure Operations
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at: