[asterisk-users] aSTERISK / Vicidial systems over 4MB fiber
Steve Edwards
asterisk.org at sedwards.com
Wed Jun 11 22:24:59 CDT 2008
On Wed, 11 Jun 2008, Mark Adams wrote:
> (I know there are security issues as they have been additional users
> created on my server and irc junk was put in the home folder)
If the box has been compromised, the only recourse is to erase the drives
and start over. You can't trust anything on the box.
Off the top of my head, this is how I would approach the problem.
1) Identify how the box was compromised. (A client box was recently (last
30 days) hacked. It was an old AAH installed by the client. The hacker
used the default password on the admin account to exploit a buffer
overflow in crond to gain root.)
2) Save any essential data -- and only the data, no executables.
3) Take the box off the Internet.
4) Boot DBAN and let it do its thing.
5) Install a minimal OS from CD/DVD.
6) Clean up after the install -- turn off services, delete users, delete
packages, add packages, etc.
7) Bring up to current patch level from your private repository.
8) Expose the box to the Internet.
9) Cross your fingers and actively monitor the box.
Thanks in advance,
------------------------------------------------------------------------
Steve Edwards sedwards at sedwards.com Voice: +1-760-468-3867 PST
Newline Fax: +1-760-731-3000
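An added example (not from the original post or from Steve Edwards) for step 2 above, "save any essential data -- and only the data, no executables". The script copies a data tree off a compromised host while refusing anything that could carry code back to the rebuilt box: files with any execute bit, setuid/setgid files, and symlinks (which could point at binaries). It also writes a SHA-256 manifest so the copy can be checked after restore, and lists what it skipped so the operator can review those files by hand. It assumes GNU find (for `-perm /mode`), `sha256sum`, and that `SRC` and `DST` are placeholder paths chosen by the operator.

```shell
#!/bin/sh
# Example data-only salvage before a rebuild (constructed example, not the post's own tooling).
# Copies only regular, non-executable, non-setuid/setgid files from SRC to DST,
# then writes DST.sha256 as a manifest for later verification.
set -eu

salvage_data() {
    src=${1%/}          # strip a trailing slash so relative paths compute cleanly
    dst=${2%/}
    mkdir -p "$dst"
    # -type f      : regular files only (no symlinks, devices, directories)
    # ! -perm /7111: reject anything with setuid, setgid, sticky or any execute bit
    find "$src" -type f ! -perm /7111 -exec sh -c '
        src=$1; dst=$2; shift 2
        for f; do
            rel=${f#"$src"/}
            mkdir -p "$dst/$(dirname "$rel")"
            cp -p -- "$f" "$dst/$rel"      # -p keeps mode and timestamps of the data file
        done' _ "$src" "$dst" {} +
    # Manifest of what was copied, sorted by path so two runs can be diffed.
    ( cd "$dst" && find . -type f -exec sha256sum -- {} + | LC_ALL=C sort -k 2 ) > "$dst.sha256"
}

# Everything the salvage refused: executables, setuid/setgid files and symlinks.
# Review this list by hand; nothing in it should be restored as-is.
list_skipped() {
    src=${1%/}
    find "$src" \( -type l -o \( -type f -perm /7111 \) \) -print
}

# Usage (paths are placeholders):
#   salvage_data /srv/SRC /mnt/usb/DST
#   list_skipped /srv/SRC
```

Verify the copy later with `sha256sum -c DST.sha256` from inside the restored directory; anything that fails the check, or anything in the skipped list, gets recreated from a clean source rather than carried over.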