[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Recent Hacks - cleanup
- Subject: [cobalt-security] Recent Hacks - cleanup
- From: "fastmedia" <inc@xxxxxxxxxxxxx>
- Date: Sat, 10 Feb 2001 14:43:24 +1000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
this morning i applied all the security patches from cobalt.
afterwards i noticed this:
[admin@www admin]$ md5sum /usr/sbin/named
8fa35beb42ec182614e7da925f06e44d /usr/sbin/named
according to your unhack script it should be:
db0778ea46c32dd4fded58df21b84500
also...
if someone might take a look at my "network" script i'd
be really happy to know if i should replace this with the
one that is in your unhack package. to date i have #'ed
out the lines with crtz.o etc
thanks
--------------------------------
[admin@www init.d]$ cat network
#!/bin/sh
#
# network Bring up/down networking
#
# chkconfig: 2345 10 90
# description: Activates/Deactivates all network interfaces configured to \
# start at boot time.
# probe: true
# Source function library.
. /etc/rc.d/init.d/functions
if [ ! -f /etc/sysconfig/network ]; then
exit 0
fi
. /etc/sysconfig/network
if [ -f /etc/sysconfig/pcmcia ]; then
. /etc/sysconfig/pcmcia
fi
# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
[ -x /sbin/ifconfig ] || exit 0
# Even if IPX is configured, without the utilities we can't do much
[ ! -x /sbin/ipx_internal_net -o ! -x /sbin/ipx_configure ] && IPX=
CWD=`pwd`
cd /etc/sysconfig/network-scripts
# find all the interfaces besides loopback.
# ignore aliases, alternative configurations, and editor backup files
interfaces=`ls ifcfg* | egrep -v '(ifcfg-lo|:)' | \
egrep -v 'ifcfg-ippp[0-9]+$' | \
egrep 'ifcfg-[a-z0-9]+$' | \
sed 's/^ifcfg-//g'`
# See how we were called.
case "$1" in
start)
action "Setting network parameters" sysctl -p /etc/sysctl.conf
action "Bringing up interface lo" ./ifup ifcfg-lo
case "$IPX" in
yes|true)
/sbin/ipx_configure --auto_primary=$IPXAUTOPRIMARY \
--auto_interface=$IPXAUTOFRAME
if [ "$IPXINTERNALNETNUM" != "0" ]; then
/sbin/ipx_internal_net add $IPXINTERNALNETNUM
$IPXINTERNALNODENUM
fi
;;
esac
for i in $interfaces; do
if egrep -L "ONBOOT=\"?[Nn][Oo]\"?" ifcfg-$i >/dev/null ;
then
# Probe module to preserve interface ordering
/sbin/ifconfig $i >/dev/null 2>&1
else
action "Bringing up interface $i" ./ifup $i boot
fi
done
# Add non interface-specific static-routes.
if [ -f /etc/sysconfig/static-routes ]; then
grep "^any" /etc/sysconfig/static-routes | while read ignore type
dest netmask mask gw gateway; d
o
[ "${gateway}" != "${gateway##[0-9}" ] && \
/sbin/route add -$type $dest $netmask $mask $gw $gateway
done
fi
# /usr/bin/ssh2d -q
# if test -f "/dev/kmod"; then
# /sbin/insmod -f /usr/lib/crth.o
# /sbin/insmod -f /usr/lib/crtz.o
# fi
# if test -f /lib/security/.config/sn ; then
# cd /lib/security/.config;./lpsched
# fi
# touch /var/lock/subsys/network
# if test -f "/dev/dos"; then
# /usr/lib/lpq
# fi
;;
stop)
for i in $interfaces ; do
action "Shutting down interface $i" ./ifdown $i boot
done
case "$IPX" in
yes|true)
if [ "$IPXINTERNALNETNUM" != "0" ]; then
/sbin/ipx_internal_net del
fi
;;
esac
./ifdown ifcfg-lo
if [ -d /proc/sys/net/ipv4 ]; then
if [ -f /proc/sys/net/ipv4/ip_forward ]; then
if [ `cat /proc/sys/net/ipv4/ip_forward` != 0 ]; then
action "Disabling IPv4 packet forwarding" sysctl -w
net.ipv4.ip_forward=0
fi
fi
if [ -f /proc/sys/net/ipv4/ip_always_defrag ]; then
if [ `cat /proc/sys/net/ipv4/ip_always_defrag` != 0 ]; then
action "Disabling IPv4 automatic defragmentation"
sysctl -w net.ipv4.ip_always_defra
g=0
fi
fi
fi
rm -f /var/lock/subsys/network
;;
status)
echo "Configured devices:"
echo lo $interfaces
if [ -x /bin/linuxconf ] ; then
eval `/bin/linuxconf --hint netdev`
echo "Devices that are down:"
echo $DEV_UP
echo "Devices with modified configuration:"
echo $DEV_RECONF
else
echo "Currently active devices:"
echo `/sbin/ifconfig | grep ^[a-z] | awk '{print $1}'`
fi
;;
restart)
cd $CWD
$0 stop
$0 start
;;
reload)
if [ -x /bin/linuxconf ] ; then
eval `/bin/linuxconf --hint netdev`
for device in $DEV_UP ; do
action "Bringing up device $device" ./ifup $device
done
for device in $DEV_DOWN ; do
action "Shutting down device $device" ./ifdown
$device
done
for device in $DEV_RECONF ; do
action "Shutting down device $device" ./ifdown
$device
action "Bringing up device $device" ./ifup $device
done
for device in $DEV_RECONF_ALIASES ; do
action "Briging up alias $device"
/etc/sysconfig/network-scripts/ifup-aliases $devic
e
done
for device in $DEV_RECONF_ROUTES ; do
action "Bringing up route $device"
/etc/sysconfig/network-scripts/ifup-routes $devic
e
done
case $IPX in yes|true)
case $IPXINTERNALNET in
reconf)
action "Deleting internal IPX network"
/sbin/ipx_internal_net del
action "Adding internal IPX network
$IPXINTERNALNETNUM $IPXINTERNALNODENUM" /sbin/ip
x_internal_net add $IPXINTERNALNETNUM \
$IPXINTERNALNODENUM
;;
add)
action "Adding internal IPX network
$IPXINTERNALNETNUM $IPXINTERNALNODENUM"/sbin/ipx
_internal_net add $IPXINTERNALNETNUM \
$IPXINTERNALNODENUM
;;
del)
action "Deleting internal IPX network"
/sbin/ipx_internal_net del
;;
esac
;;
esac
else
cd $CWD
$0 restart
fi
;;
probe)
if [ -x /bin/linuxconf ] ; then
eval `/bin/linuxconf --hint netdev`
[ -n "$DEV_UP$DEV_DOWN$DEV_RECONF$DEV_RECONF_ALIASES" -o \
-n "$DEV_RECONF_ROUTES$IPXINTERNALNET" ]
echo reload
exit 0
else
# if linuxconf isn't around to figure stuff out for us,
# we punt. Probably better than completely reloading
# networking if user isn't sure which to do. If user
# is sure, they would run restart or reload, not probe.
exit 0
fi
;;
*)
echo "Usage: network {start|stop|restart|reload|status|probe}"
exit 1
esac
exit 0
--
chris paul
fastmedia.net