[Techtalk] hacked on solaris

caitlynmaire at earthlink.net
Sun Aug 25 15:53:15 EST 2002


Hi, Shirell,

Once a system has been hacked, as yours has, you can never be sure that a
rootkit or other nastiness won't remain unless you wipe the system.  You
can reload data from the last known data before the hack if you know
when that is.

Sun is still patching Solaris 7.  You do *not* need to move to Solaris 8
or Solaris 9 (the current version) to secure your system.  You do need
to download all the recommended patch clusters from
http://sunsolve.sun.com as well as any relevant patches since the
last cluster was released.

Just having all the patches won't be enough.  You need to take basic
security steps after that.  There is a book called "Solaris Security" I
have at work that is very good, and I can post details (publisher,
author) tomorrow.  It covers things from disabling services you don't
need to restricting access where possible by host or range of IP
addresses.

I'm sorry to be the bearer of such bad news, but unless you wipe the
system and start over you'll never be sure the hackers aren't still in
there with you.  Be glad it's only one system.  I had 17 SGI and Sun
boxes to worry about after a hack the year before last because the previous
admin hadn't been allowed to do his job.

All the best,
Caity


