LinuxQuestions.org


Gary Baker 01-11-2016 05:55 AM

Slackware iptables hacked - how to prevent again?
 
Was running Slackware 14.1 with iptables when I noticed commands in history that were not mine and permissions had changed on some files. The firewall rules were very simple:

Input drop
Forward drop
Output drop

With established,related rule.

What did I do wrong?

Thanks to all for help.

Tonus 01-11-2016 06:01 AM

Physical access and password guessed?

Did you scan for rootkits?

Gary Baker 01-11-2016 06:13 AM

Did not scan for root kits.
No physical access possible.
Possible to have guessed password.

Tonus 01-11-2016 06:19 AM

Try rootkit hunter and chkrootkit.

Change password to stronger one.

What commands were passed and which file permissions have been modified?

Gary Baker 01-11-2016 06:47 AM

The entire home directory was modified to permission 1755 from 755.
Programs containing commands were removed from /usr/bin.
Thanks for your help.

unSpawn 01-11-2016 05:09 PM

Quote:

Originally Posted by Gary Baker (Post 5476351)
The entire home directory was modified to permission 1755 from 755.
Programs containing commands were removed from /usr/bin.

/usr/bin and its contents are owned by root.
So you got yourself a root compromise.
Removing those files is not enough.
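
A triage sketch for the two symptoms reported in this thread (mode 1755 where 755 was expected, and programs missing from /usr/bin), added here as an example and not posted by any participant. The function names are hypothetical, and the manifest check assumes Slackware's /var/log/packages files list paths relative to / after a "FILE LIST:" line.

```shell
#!/bin/sh
# Added triage sketch, not from the thread. Function names are hypothetical.

# Entries under $1 that carry the sticky bit (mode 1xxx, e.g. 1755 for 755).
find_sticky() {
    find "$1" -xdev -perm -1000 -print 2>/dev/null | sort
}

# True when directory $1 is owned by uid $2 and not group/other writable,
# so only that uid (or root) can delete entries from it.
owner_only_writable() {
    [ -n "$(find "$1" -prune -type d -user "$2" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# Paths under usr/bin/ that manifest $1 lists but that are absent below root $2.
# Assumption: Slackware layout, paths relative to / after a "FILE LIST:" line.
missing_from_manifest() {
    sed -n '/^FILE LIST:/,$p' "$1" | grep '^usr/bin/.' |
    while IFS= read -r p; do
        [ -e "$2/$p" ] || [ -L "$2/$p" ] || printf '%s\n' "$p"
    done
}

# Report. $1 = mount point of the suspect disk ("" for the live system),
# $2 = home tree to scan.
triage() {
    root=${1:-}; home=${2:-/home}
    echo "== sticky-bit entries under $root$home"
    find_sticky "$root$home"
    echo "== $root/usr/bin"
    if owner_only_writable "$root/usr/bin" 0; then
        echo "root-owned, not group/other writable: deleting from it needs root"
    else
        echo "not root-only: check ownership and mode"
    fi
    echo "== usr/bin files listed by packages but missing"
    for m in "$root"/var/log/packages/*; do
        [ -f "$m" ] && missing_from_manifest "$m" "$root"
    done
    return 0
}

# Run only when asked: sh triage.sh triage /mnt/suspect /home
if [ "${1:-}" = "triage" ]; then shift; triage "$@"; fi
```

On a host with a suspected root compromise the installed `find`, `sed` and the package manifests themselves may have been altered, so the output is most useful when the script is run from trusted boot media against the mounted disk.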


All times are GMT -5.