Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!killer!tness7!texbell!ssbn!carpet!bill
From: bill@carpet.WLK.COM (Bill Kennedy)
Newsgroups: news.sysadmin
Subject: Security checkup
Keywords: security intruder self-help
Message-ID: <167@carpet.WLK.COM>
Date: 3 Oct 88 01:09:58 GMT
Distribution: na
Organization: W.L. Kennedy Jr. & Associates, Pipe Creek, TX
Lines: 27

One of my neighbor sites was recently vandalized by an electronic intruder. That puts my site in some jeopardy because one of the files compromised was the uucp Systems file. My site was similarly vandalized a year or so ago and for all I know the intruder that attacked my neighbor got the info from my system :-(

I would like to know if one or more of the more seasoned System Administrators could post some preventative measures that those of us with less experience could use. I'm aware that there's little to protect you from an expert renegade, but I mean the sorts of things to keep out a journeyman prowler. On my system, for example, I did not have my root crontab restricted enough and that's how the intruder got root privileges. I'm as puzzled today as I was shocked when it happened.

Further, I am not asking for anything that would make it easier for a malicious reader to become an intruder, just a general check up kind of thing, what things can have setuid, what shouldn't, what kinds of permissions should be on the contents of certain directories, etc. Yes, please even include the obvious like "guest" accounts, I'll bet there are still some around. I'm looking forward (and I'll bet a lot more of the greener SA's) to reading your recommendations. Thanks!

--
Bill Kennedy  Internet: bill@ssbn.WLK.COM
              Usenet: { killer | att | rutgers | uunet!bigtex }!ssbn!bill