Scientific Linux Forum.org




> Computer has been hacked
ddan
 Posted: May 19 2015, 12:49 PM

Greetings,

My computer was hacked about a week ago. Someone converted my backup lvm volume to a physical volume. I noticed the difference on the Computer file screen. I reinstalled the system and reloaded my files from backup. I then did a "yum update". But before doing the "yum update" I unmounted all lvm volumes, changed the mount points to be dan users and also chmod to 700 for all mount points.

While "yum update" was doing its thing I noticed that my lvm volumes had been mounted. I checked the mount points and they had been changed to root root and 755. I caught the hacker online with me! I checked the firewall and SSH was open. I immediately shut the system down.

I had changed the root and user passwords to a 20 character password and it would not be possible for someone to crack the password so quickly. Maybe I have a keylogger!

In any case I want to prevent anyone from the outside logging into the computer. I have reset the SSH in the firewall and disabled the SSH service. I'm not sure they got in through SSH. I'm looking for suggestions to prevent this from happening again. What other services should I disable? I'm looking for things to uninstall, delete files and libraries.

ddan
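
The change described in the post above (mount points going from dan/700 to root/755, and unmounted volumes reappearing as mounted) is the kind of drift a baseline check can report. This is an added example, not part of the original post; the baseline file format, the function names and the sample paths are assumptions made here, and it relies on GNU `stat` and the util-linux `mountpoint` command.

```shell
#!/bin/sh
# Added example: report drift in owner, mode and mount state of mount points.
# Baseline file, one entry per line (format assumed for this example):
#   <path> <owner> <octal-mode> <mounted|unmounted>
#   e.g. /mnt/backup dan 700 unmounted      (constructed sample entry)
# Usage after sourcing this file (hypothetical baseline path):
#   audit_baseline /root/mount-baseline.txt

# check_mountpoint PATH OWNER MODE STATE
# Returns 0 on match, 1 on drift, 2 when PATH is not a directory.
check_mountpoint() {
    mp=$1; want="$2 $3 $4"
    if [ ! -d "$mp" ]; then
        echo "MISSING $mp"
        return 2
    fi
    if mountpoint -q "$mp"; then state=mounted; else state=unmounted; fi
    have="$(stat -c '%U %a' "$mp") $state"
    if [ "$have" != "$want" ]; then
        echo "DRIFT $mp: expected [$want] found [$have]"
        return 1
    fi
    echo "OK $mp"
}

# audit_baseline FILE
# Checks every entry; the return status is the number of failed entries.
audit_baseline() {
    bad=0
    while read -r b_path b_owner b_mode b_state; do
        # Skip blank lines and comments in the baseline file.
        case $b_path in ''|'#'*) continue ;; esac
        check_mountpoint "$b_path" "$b_owner" "$b_mode" "$b_state" || bad=$((bad + 1))
    done < "$1"
    return "$bad"
}
```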
ddan
 Posted: May 21 2015, 09:37 AM

I found this article "NSA Configuration Guidance for Operating Systems"

I found this link in a post from 2011

The link has changed to the following:
https://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml

This is an absolute must read. I had many many security holes in my system. This article should be read by all, even if you have not been hacked. This contains a great deal of useful information on what is available in Linux and how it works.

I now need to make a script to automate this as much as possible.

ddan