[asterisk-biz] PBX got Hacked

Steve Totaro stotaro at totarotechnologies.com
Thu Feb 12 18:30:12 CST 2009


On Thu, Feb 12, 2009 at 6:22 PM, Trixter aka Bret McDanel <
trixter at 0xdecafbad.com> wrote:

> On Thu, 2009-02-12 at 17:08 -0500, Jared Geiger wrote:
> > I saw multiple attacks from OVH.NET IP addresses over the last few
> > weeks as well. I have used a few of the tips in this article to secure
> > PBXs before as well http://nerdvittles.com/?p=580
> > (fail2ban/IPTables).
> >
> > For Switchvox the root account seems to have a key, not a password, to
> > log in. You can always boot in single-user mode, create a new user and
> > add that user to the sudoers file, then disable root from being able to
> > log in via ssh.conf.
> >
> First let me say I have never used Switchvox, but if it's Linux-based
> then the following should apply.
>
> Can you not just get a shell?  If you can, you shouldn't have to boot into
> single-user mode unless they are doing chattr stuff to only allow
> editing of the password file on a secure runlevel, and it is rare that
> it's done.
>
> /etc/passwd, /etc/shadow, /etc/group, /etc/sudoers are all just text
> files and it's easy to append a line for new users to those files, just
> as it's easy to use the useradd/adduser programs to add users.  sshd.conf
> is also a text file, which requires sshd to restart to take effect, but
> this usually does not drop connections already in process.  This can be
> as simple as /etc/init.d/sshd restart or something similar.
>
>
> > You should be able to then set up IPTables on Switchvox as well after
> > going in and creating the second account.
> >
>
> The problem is that you would need it to know to use sudo if it doesn't;
> I do not know if it's smart enough to say "you aren't root so let me sudo
> this command".
>
>
> --
> Trixter http://www.0xdecafbad.com     Bret McDanel
> pgp key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x8AE5C721
>
>
>
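
The order of operations discussed in this thread (have a non-root sudo account in place before turning off root SSH login), as an added example that is not part of the original messages. The function names, the `pbxadmin` account and the sample files are constructed for illustration; it assumes OpenSSH's `PermitRootLogin` directive in the sshd configuration file, and nothing here is specific to Switchvox.

```sh
#!/bin/sh
# Added example: refuse to disable root SSH login until a non-root sudo
# account exists. Paths are arguments, so try it on copies first.

# Print the effective PermitRootLogin value (sshd uses the first match).
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeed if sudoers has an ALL-hosts entry for an account or group other
# than root. Simplification: only matches the "name ALL=(...) ..." layout.
has_sudo_user() {
    awk '$1 !~ /^#/ && $1 != "root" && $2 ~ /^ALL=/ { ok = 1 }
         END { exit (ok ? 0 : 1) }' "$1"
}

# Rewrite CONF with a single global "PermitRootLogin no" (a backup is kept
# as CONF.bak). On a real host, check the result with "sshd -t -f CONF"
# before restarting sshd.
disable_root_login() {
    conf=$1; sudoers=$2
    has_sudo_user "$sudoers" || { echo "refusing: no non-root sudo account" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk 'BEGIN { print "PermitRootLogin no" }
         tolower($1) == "permitrootlogin" { next } { print }' "$conf" > "$tmp" || return 1
    cp "$conf" "$conf.bak" && cat "$tmp" > "$conf" && rm -f "$tmp"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample files; "pbxadmin" is a hypothetical account name.
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$d/sshd_config"
    printf '%s\n' 'root ALL=(ALL) ALL' > "$d/sudoers.before"
    printf '%s\n' 'root ALL=(ALL) ALL' 'pbxadmin ALL=(ALL) ALL' > "$d/sudoers.after"
    for s in before after; do
        if disable_root_login "$d/sshd_config" "$d/sudoers.$s" 2>/dev/null
        then result=changed; else result=refused; fi
        echo "sudoers.$s: $result, PermitRootLogin=$(root_login_setting "$d/sshd_config")"
    done
    rm -rf "$d"
}
demo
```

The directive is written at the top of the file so that it is global even when the configuration ends in a `Match` block.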

