Forum OpenACS Q&A: Response to Help! no SSH Telnet Access

Posted by Jon Griffin on
You have to start over.

The kernel that came with 7.0 had root exploits; I am sure that some of the stuff installed is also insecure. OpenSSH itself had an exploit at around 2.3 or 4, and if you have it set to use the ssh1 protocol as the default, there are many exploits.

I am not sure though that it is an ssh exploit per se. I would get a new box and secure it before you start. I have (old as it is) some info on hardening an RH box on jongriffin.com and some newer links on dev.jongriffin.com.

Mainly, deinstall all the crap that probably got installed. Run tripwire or the equivalent before you hook it up to the net.

If you are using RH 7.2, upgrade to a non-modular kernel (2.4.13 is good) and install the grsecurity patch; you can get the link from my site.

If you have any questions, please contact me either at my email or on the list.

Whatever you do, get rid of that system somehow. Your PG stuff and acs are most likely fine as this appears to be a script kiddie or your log file would have been erased.