[App_rpt-users] What is the "debian" user in the DIAL distro?

Pierre Martel petem001 at gmail.com
Tue Jun 6 02:28:34 UTC 2017


Hi Jeremy,

Can you tell us what they did to enter the system? This would be the
first thing to change on any DIAL system.

Thanks for letting us know that there is a way to compromise a node; that
way we can prepare our nodes for a future attack.

Pierre
VE2PF


On Mon, Jun 5, 2017 at 17:05, Jeremy Utley <jerutley at gmail.com> wrote:

> Hello all!
>
> Forgive me for thread necromancy on this one!  I just today had my hub
> node compromised - luckily all they did was try to attack SSH on
> another host (at least that's all I've been able to determine so far).
> So, I'm going to be rebuilding that Hub node tonight.  The reason I
> post is, I am actually a Linux sys-admin in my day job - would there
> be any benefit in me doing a write-up on what all steps I take in
> securing DIAL?  At least a high-level overview of what I end up doing
> that others can build from?
>
> Also, I just want to make sure - doing the standard apt-get update /
> upgrade on DIAL will not break anything, right?
>
> Jeremy, NQ0M
>
> On Thu, May 11, 2017 at 11:42 AM, Steve Zingman <szingman at msgstor.com>
> wrote:
> > Thor,
> > I agree that things need to be tightened up. Now that the mandate has
> > changed, those things are changing. I would welcome someone taking on the
> > guidance in system administration piece of the puzzle.
> >
> > 73, Steve N4IRS
> >
> >
> > On 5/11/2017 12:35 PM, Thor Wiegman wrote:
> >>
> >> You're not the first person I'm aware of to have this type of problem.
> >> AllStarLink nodes are an easy target to become bitcoin miners and members of
> >> botnets.  Most people installing these nodes don't know the basics of Linux
> >> system administration and the defaults aren't even remotely secure.
> >>
> >> Not only should that "debian" user be deleted, the appropriate changes to
> >> SSH need to be made to prevent the superuser "root" from logging in
> >> remotely.  That is one of the first things that everyone needs to change
> >> after installation of a DIAL system, not sure why it's even allowed by
> >> default.
> >>
> >> I've noticed that a lot of node ops tend to log in as root and execute
> >> commands as the root user.  Crazy!  It's an extremely dangerous and insecure
> >> thing to do, but people new to Linux don't know any better.
> >>
> >> It would be nice if the default installation were set up in such a way that
> >> prevented or discouraged login by the superuser.  It's odd that sudo doesn't
> >> appear to be installed by default.  Would be very nice if the installation
> >> script prompted for the creation of a user account with proper permissions
> >> in much the same way as standard distros do.  Not perfect, but it's a start.
> >>
> >> Most of these systems are being run by people who are new to Linux.  They
> >> don't know about Linux/Unix system administration and nobody is "elmering"
> >> them in it.  The result is people taking dangerous shortcuts and developing
> >> bad habits.  The community would benefit from some guidance in system
> >> administration as well as from some improved defaults in the distro.
> >>
> >>
> >>
> >> On 05/10/2017 12:38 PM, app_rpt-users-request at lists.allstarlink.org wrote:
> >>>
> >>> What is the "debian" user in the DIAL distro?
> >>
> >>
> >> _______________________________________________
> >> App_rpt-users mailing list
> >> App_rpt-users at lists.allstarlink.org
> >> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users
> >>
> >> To unsubscribe from this list please visit
> >> http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users and
> >> scroll down to the bottom of the page. Enter your email address and press
> >> the "Unsubscribe or edit options button"
> >> You do not need a password to unsubscribe, you can do it via email
> >> confirmation. If you have trouble unsubscribing, please send a message to
> >> the list detailing the problem.
> >
> >
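
Added example (not part of the original thread or the DIAL distribution): a shell audit for the three issues Thor Wiegman's message raises, a usable "debian" account, remote root login over SSH, and missing sudo. The function names and the sample tree are constructed for illustration; Include files and Match blocks in sshd_config are not evaluated.

```bash
#!/usr/bin/env bash
# Added example: audit a root filesystem for the issues raised in the thread.
# Pass "" for the live system or a directory prefix for an offline copy.

# First global PermitRootLogin value (sshd keeps the first value it reads).
# Assumption: Include files and Match blocks are not evaluated.
root_login_setting() {
    awk '{ sub(/=/, " ") }
         tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Login shell of account $2 in passwd file $1; empty if no such account.
account_shell() {
    awk -F: -v u="$2" '$1 == u { print ($7 == "" ? "/bin/sh" : $7) }' "$1"
}

audit_node() {
    local root="${1:-}" findings=0 shell setting
    shell="$(account_shell "$root/etc/passwd" debian)"
    case "$shell" in
        ""|*/nologin|*/false) ;;   # absent, or present but unable to log in
        *) echo "FINDING: default account 'debian' can log in (shell $shell)"
           findings=$((findings + 1)) ;;
    esac
    setting="$(root_login_setting "$root/etc/ssh/sshd_config")"
    case "$setting" in
        no) ;;
        "") echo "FINDING: PermitRootLogin not set; default depends on OpenSSH version"
            findings=$((findings + 1)) ;;
        *)  echo "FINDING: PermitRootLogin is '$setting', expected 'no'"
            findings=$((findings + 1)) ;;
    esac
    if [ ! -x "$root/usr/bin/sudo" ]; then
        echo "FINDING: sudo is not installed"
        findings=$((findings + 1))
    fi
    echo "findings=$findings"
}

# Constructed sample tree standing in for a freshly installed node.
make_sample_node() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/etc/ssh"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'debian:x:1000:1000:Debian:/home/debian:/bin/bash' > "$d/etc/passwd"
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' > "$d/etc/ssh/sshd_config"
    echo "$d"
}
if [ "${1:-}" = "--demo" ]; then audit_node "$(make_sample_node)"; fi
```

Run with `--demo` to see the three findings on the constructed tree, or call `audit_node ""` from a root shell on the node itself.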