[ale] I was hacked!

Lightner, Jeffrey JLightner at dsservices.com
Tue Nov 5 08:55:17 EST 2019


If your logging isn't going somewhere else (e.g. a centralized log server) and you're not sending email for every login, you might not know who did a sudo, as the hacker might know to clear the logs on the server they hacked.


-----Original Message-----
From: Ale <ale-bounces at ale.org> On Behalf Of Neal Rhodes via Ale
Sent: Monday, November 04, 2019 8:38 PM
To: Byron Jeff <byronjeff at clayton.edu>; Atlanta Linux Enthusiasts <ale at ale.org>
Subject: Re: [ale] I was hacked!

Well, not allowing anyone to login as root anywhere except the physical console tty does mean that at least you have some clue as to "Who the heck is logged in"?

and if someone has done a sudo, you can track it back to an original login.

Yer still hacked, but you may have someone to shoot.


On 2019-11-04 15:57, Byron Jeff via Ale wrote:
> I thought the same in the first minute, but realized that it doesn't 
> add any operational security. If machine A, user B is compromised 
> (B@A) and B's keys are used to log in to B@C using keys, and B has 
> sudo access, then it's trivial for the hacker to log in to B@C, change 
> B's password on C, then use it to gain root access on C.
> 
> I almost start to wonder if passwordless keys really improve security.
> 
> BAJ
> 
> On Mon, Nov 04, 2019 at 04:10:41PM -0500, dj-pfulio via Ale wrote:
>> >> directly. Perhaps 2006?  First thing I do on any new machine is add an
>> >> account with sudo rights.
>> >
>> > I don't see the operational difference between ssh'ing into root (using a
>> > key) and ssh'ing into another account using a key and then sudo'ing
>> > to root.  You're still getting into the machine via a key?
>> >
>> 
>> 2 authentication levels seems to be better than 1, but everyone has 
>> different requirements.
>> _______________________________________________
>> Ale mailing list
>> Ale at ale.org
>> https://mail.ale.org/mailman/listinfo/ale
>> See JOBS, ANNOUNCE and SCHOOLS lists at 
>> http://mail.ale.org/mailman/listinfo