Red Hat Linux a Popular Target for Crackers
John Kemp
kemp@ns.uoregon.edu
Buffer overflows continue to be a popular method of gaining unauthorized access to machines on campus. Departments running machines that utilize the Linux operating system should pay particular attention to this problem.
Red Hat 6.2 Incidents. In the past, the most popular Linux targets have been Red Hat 6.2 machines running the BIND (name server) and WU-FTPD (ftp server) network daemons. There have been a number of cases where a machine on campus has been taken over by an attacker, and that machine has then been used for a DoS (Denial of Service) attack against other remote machines.
Red Hat 7 Incidents. More recently, Red Hat 7.0 machines have started to appear on campus. Two machines have already been compromised in a manner similar to the one described above; however, in these cases, the vulnerability exploited was the lpd (line printer daemon) in the LPRng package. The attackers then used the machines as stepping stones for breaking into other machines.
Campus administrators are strongly advised to secure their machines as soon as possible. In many cases the easiest way to do this is to turn unneeded services off. For many local users, BIND, WU-FTPD, and LPD are not critical resources, and it is better to turn them off if they are not needed.
If network server daemons are required, limiting the exposure of the services to just the uoregon.edu address range is a good idea. That can easily be accomplished by adding "ALL : ALL" to /etc/hosts.deny and "ALL : 128.223., .uoregon.edu" to /etc/hosts.allow. Although this doesn't protect all services, it is a good safety net for the services it does protect.
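The two hosts.* rules above are evaluated by TCP wrappers (tcpd, or any daemon linked against libwrap) in a fixed order: /etc/hosts.allow is searched first and the first matching rule grants access, then /etc/hosts.deny is searched and the first matching rule refuses it, and if neither file matches the connection is allowed. The following Python script is an added example, not code from the article and not the real libwrap; it models that evaluation for the common pattern forms in hosts_access(5) (ALL, LOCAL, a leading-dot domain suffix, a trailing-dot address prefix, net/mask, exact names) so that a rule set can be checked against constructed sample clients before it goes live. The sample daemon names, host names and addresses in it are constructed for the example.

```python
"""Simplified model of how TCP wrappers (tcpd / libwrap) evaluate
/etc/hosts.allow and /etc/hosts.deny.

Added example: not code from the article and not the real libwrap. Pattern
handling follows hosts_access(5) for the common forms only; the EXCEPT
operator and the daemon@host form are not modelled.
"""
import ipaddress
import re

# Constructed sample files mirroring the configuration the article suggests.
HOSTS_ALLOW = """\
# hosts.allow: anything from the campus address range or campus host names
ALL : 128.223., .uoregon.edu
"""
HOSTS_DENY = """\
# hosts.deny: everything else
ALL : ALL
"""


def parse_rules(text):
    """Turn a hosts.allow/hosts.deny body into [(daemon_patterns, client_patterns)]."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:                   # malformed rule: skipped here (tcpd logs it)
            continue
        daemons = re.split(r"[\s,]+", fields[0])
        clients = re.split(r"[\s,]+", fields[1])
        rules.append((daemons, clients))
    return rules


def match_client(pattern, hostname, address):
    """Does one client pattern match a connection from (hostname, address)?"""
    p = pattern.lower()
    h = hostname.lower()
    if p == "all":
        return True
    if p == "local":                          # host names without a dot
        return "." not in h
    if p.startswith("."):                     # domain suffix, e.g. .uoregon.edu
        return h.endswith(p)
    if p.endswith("."):                       # address prefix, e.g. 128.223.
        return address.startswith(p)
    if "/" in p:                              # net/mask, e.g. 128.223.0.0/255.255.0.0
        net, mask = p.split("/", 1)
        try:
            return ipaddress.IPv4Address(address) in ipaddress.IPv4Network((net, mask), strict=False)
        except ValueError:
            return False
    return p == h or p == address             # exact host name or address


def match_daemon(pattern, daemon):
    """ALL or an exact daemon name (the argv[0] tcpd sees, e.g. in.ftpd)."""
    p = pattern.lower()
    return p == "all" or p == daemon.lower()


def rule_matches(rule, daemon, hostname, address):
    daemons, clients = rule
    return (any(match_daemon(d, daemon) for d in daemons)
            and any(match_client(c, hostname, address) for c in clients))


def check_access(daemon, hostname, address, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """Return (allowed, reason) using tcpd's order: allow file, deny file, default allow."""
    for rule in parse_rules(allow_text):
        if rule_matches(rule, daemon, hostname, address):
            return True, "matched hosts.allow rule %r" % (rule,)
    for rule in parse_rules(deny_text):
        if rule_matches(rule, daemon, hostname, address):
            return False, "matched hosts.deny rule %r" % (rule,)
    # No rule matched at all: tcpd grants access, so an empty hosts.deny protects nothing.
    return True, "no rule matched; default is to allow"


if __name__ == "__main__":
    # Constructed sample connections; "unknown" is the name tcpd uses when reverse DNS fails.
    for daemon, host, addr in [
        ("in.ftpd", "shell.uoregon.edu", "128.223.32.10"),
        ("in.lpd", "printhost.uoregon.edu", "10.0.0.3"),
        ("in.ftpd", "unknown", "192.0.2.5"),
    ]:
        allowed, why = check_access(daemon, host, addr)
        print("%-8s %-24s %-14s -> %s (%s)" % (daemon, host, addr, "allow" if allowed else "deny", why))
```

Two things the sample run makes visible. The second connection is admitted only because its reverse DNS name ends in .uoregon.edu; that reverse zone is controlled by whoever owns the client's address block, so it is the numeric "128.223." entry, not the name suffix, that ties the rule to campus. And the last branch of check_access shows why the "ALL : ALL" line in hosts.deny is essential: with no deny rule, every unmatched connection is allowed. Only connections that pass through tcpd from inetd, through a daemon built with libwrap, or through an xinetd built with libwrap support consult these files at all; a standalone daemon such as named is not covered by them.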
Another way to improve the security of a machine is by adding buffer overflow prevention. The simplest of these packages to install is the Libsafe package from Bell Labs. The package provides protection against a number of the best-known vulnerabilities.
As always, security requires vigilance. Administrators are advised to make sure they have a good set of backups, and to keep up to date with the latest patches for their operating system.
Links to the Red Hat Security pages and the Libsafe page are listed below:
http://www.redhat.com/support/errata/rh62-errata-security.html
http://www.redhat.com/support/errata/rh7-errata-security.html
http://www.bell-labs.com/org/11356/libsafe.html