<div>Hi Jeremy,</div><div><br></div><div>Can you tell us what they did to enter in the system? this would be the first thing to change on any dial system.</div><div><br></div><div>Thanks for letting us know that there is a way to compomise a node, that way we can prepare our nodes for a futur attack</div><div><br></div><div>Pierre</div><div>VE2PF</div><div><br></div><div><br><div class="gmail_quote"><div>Le lun. 5 juin 2017 à 17:05, Jeremy Utley <<a href="mailto:jerutley@gmail.com">jerutley@gmail.com</a>> a écrit :<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello all!<br>
<br>
Forgive me for thread necromancy on this one! I just today had my hub<br>
node compromised - luckily all they did was try to attack SSH on<br>
another host (at least that's all I've been able to determine so far).<br>
So, I'm going to be rebuilding that Hub node tonite. The reason I<br>
post is, I am actually a Linux sys-admin in my day job - would there<br>
be any benefit in me doing a write-up on what all steps I take in<br>
securing DIAL? At least a high-level overview of what I end up doing<br>
that others can build from?<br>
<br>
Also, I just want to make sure - doing the standard apt-get update /<br>
upgrade on DIAL will not break anything, right?<br>
<br>
Jeremy, NQ0M<br>
<br>
On Thu, May 11, 2017 at 11:42 AM, Steve Zingman <<a href="mailto:szingman@msgstor.com" target="_blank">szingman@msgstor.com</a>> wrote:<br>
> Thor,<br>
> I agree that things need to be tightened up. Now that the mandate has<br>
> changed, those things are changing. I would welcome someone taking on the<br>
> guidance in system administration piece of the puzzle.<br>
><br>
> 73, Steve N4IRS<br>
><br>
><br>
> On 5/11/2017 12:35 PM, Thor Wiegman wrote:<br>
>><br>
>> You're not the first person I'm aware of to have this type of problem.<br>
>> AllStarLink nodes are an easy target to become bitcoin miners and members of<br>
>> botnets. Most people installing these nodes don't know the basics of Linux<br>
>> system administration and the defaults aren't even remotely secure.<br>
>><br>
>> Not only should that "debian" user be deleted, the appropriate changes to<br>
>> SSH need to be made to prevent the superuser "root" from logging in<br>
>> remotely. That is one of the first things that everyone needs to be change<br>
>> after installation of a DIAL system, not sure why it's even allowed by<br>
>> default.<br>
>><br>
>> I've noticed that a lot of node ops tend to login as root and execute<br>
>> commands as the root user. Crazy! It's an extremely dangerous and insecure<br>
>> thing to do, but people new to Linux don't know any better.<br>
>><br>
>> It would be nice if the default installation were setup in such a way that<br>
>> prevented or discouraged login by the superuser. It's odd that sudo doesn't<br>
>> appear to be installed by default. Would be very nice if the installation<br>
>> script prompted for the creation of a user account with proper permissions<br>
>> in much the same way as standard distros do. Not perfect, but it's a start.<br>
>><br>
>> Most of these systems are being run by people who are new to Linux. They<br>
>> don't know about Linux/Unix system administration and nobody is "elmering"<br>
>> them in it. The result is people taking dangerous shortcuts and developing<br>
>> bad habits. The community would benefit from some guidance in system<br>
>> administration as well as from some improved defaults in the distro.<br>
>><br>
>><br>
>><br>
>> On 05/10/2017 12:38 PM, <a href="mailto:app_rpt-users-request@lists.allstarlink.org" target="_blank">app_rpt-users-request@lists.allstarlink.org</a> wrote:<br>
>>><br>
>>> What is the "debian" user in the DIAL distro?<br>
>><br>
>><br>
>> _______________________________________________<br>
>> App_rpt-users mailing list<br>
>> <a href="mailto:App_rpt-users@lists.allstarlink.org" target="_blank">App_rpt-users@lists.allstarlink.org</a><br>
>> <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
>><br>
>> To unsubscribe from this list please visit<br>
>> <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and<br>
>> scroll down to the bottom of the page. Enter your email address and press<br>
>> the "Unsubscribe or edit options button"<br>
>> You do not need a password to unsubscribe, you can do it via email<br>
>> confirmation. If you have trouble unsubscribing, please send a message to<br>
>> the list detailing the problem.<br>
><br>
><br>
> _______________________________________________<br>
> App_rpt-users mailing list<br>
> <a href="mailto:App_rpt-users@lists.allstarlink.org" target="_blank">App_rpt-users@lists.allstarlink.org</a><br>
> <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
><br>
> To unsubscribe from this list please visit<br>
> <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and<br>
> scroll down to the bottom of the page. Enter your email address and press<br>
> the "Unsubscribe or edit options button"<br>
> You do not need a password to unsubscribe, you can do it via email<br>
> confirmation. If you have trouble unsubscribing, please send a message to<br>
> the list detailing the problem.<br>
_______________________________________________<br>
App_rpt-users mailing list<br>
<a href="mailto:App_rpt-users@lists.allstarlink.org" target="_blank">App_rpt-users@lists.allstarlink.org</a><br>
<a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a><br>
<br>
To unsubscribe from this list please visit <a href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users" rel="noreferrer" target="_blank">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"<br>
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </blockquote></div></div>