Quote:
Originally Posted by digitol
Explain this? ^
Anyhow, things to try: Edit sudoers file. Disable/enable root user and set your preferences (lock remote desktop) from there. Now a bit more invasive: boot single user, use .SetupDone to make admin user if needed. All logs can be viewed via the console. If the remote-sharing box is unchecked, chances are you're OK. Install outbound/inbound firewalls or sentry. ipnetsentry is boss. Yea. That should do it.
-Digitol-
Sorry...
it should have read...
"I have also run root kit detectors to try and find any issues."
In any event... I have downloaded and installed Flying Buttress. Man, I was amazed at how often Google down in California felt the need to ping me...
I will look into ipnetsentry. I have looked into the sudoers file as well, but I couldn't really make sense of it and will have to look into it again.
What I am really interested in is figuring out where the "Login" or "Remote access" log is.
I am systematically trying to find all the possible entry points to the system, and I have recently discovered you can even grant remote access with LDAP, which I am not even sure a firewall would block. Then there is UUCP (Unix-to-Unix copy), which is another one I am concerned about.
Will a firewall block these, and will the sudoers file show if these items are active and running or a threat?
In addition, I have looked into Tripwire, but I am rusty on compiling my own applications. Not sure if it is worth it or if there is something better yet. I have looked into this specific application because some of the permissions on my files are changing and I want to know why. I think Tripwire might be a little over my head at this point.
I also managed to disable root access... but I have another concern with actually finding all the users on the system, specifically ones which require no password to get access, or anonymous users. I can't figure out where the file is which lists them all. I am sorry if this seems stupid. I haven't used a Mac for quite a few years now.
Quote:
If the remote-sharing box is unchecked, chances are you're OK
To be specific... My Remote Sharing preferences were casually unlocking nearly every day. When I installed Flying Buttress, the lock came off once and it has never come off again. To be very speculative and paranoid, that sounds to me like Flying Buttress may have prevented some sort of monitoring system from watching my machine, and then perhaps the "remote admin" came back into the machine and changed something again... since after the firewall installation I found a problem while running a root kit detector. It said the UUCP user on my machine had changed. I don't know how to monitor UUCP. In addition, Flying Buttress is currently blocking a lot of stealth connections. These are harmless, correct?