The ol' (open source) Tripwire was getting long in the tooth (and it doesn't run under RHEL4/SL4), so I recently rolled out AIDE. It's pretty much a drop-in replacement for Tripwire--at least I was able to write a script to munge its output into Tripwire-style output so our existing IDS and meta file-integrity-checking systems don't need upgrading.
One of the internal UW-HEP servers was compromised today. Fortunately, our intrusion detection system altered me--rather alerted me--to the problem about seven minutes after the break-in. Those hackers are, just, just "bastard people". Anyway, today was spent upgrading said server.
Effective immediately, all important emails regarding UW-HEP computing will be digitally signed: they will have a MIME attachment (PGP.sig) that contains a PGP signature, and a URL telling you where to find the appropriate public PGP key.
One of our OS-X Mac systems was broken into recently. The intruders installed two suspect software packages: "Energy Mech" (an IRC bot) was installed in /var/tmp/www and "psyBNC" (also IRC software) was installed in /var/tmp/nsmail. The resulting IRC chatter caused the system to be blackholed by the campus IT folks. Joy.
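The two indicators in that break-in (executables dropped under /var/tmp and processes chatting with IRC servers) are easy to check for mechanically. The script below is an added example, not the author's tooling or anything from the Energy Mech or psyBNC projects: the list of IRC ports, the set of "suspect" scratch directories, the function names and the sample directory listing and `lsof -i -n -P` output are all constructed for illustration.

```python
"""Added triage example: flag executables under scratch directories and
processes connected to IRC ports. All sample input below is constructed."""
import os
import re
import stat

# Assumption: directories where a dropped bot or bouncer typically lands.
SUSPECT_DIRS = ("/var/tmp/", "/tmp/", "/dev/shm/")
# Assumption: ports conventionally used by IRC servers (6660-6669, 6697, 7000).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

# Constructed directory listing as (path, st_mode) pairs, like os.lstat gives.
SAMPLE_FILES = [
    ("/var/tmp/www", stat.S_IFDIR | 0o755),
    ("/var/tmp/www/emech", stat.S_IFREG | 0o755),
    ("/var/tmp/www/mech.set", stat.S_IFREG | 0o644),
    ("/var/tmp/nsmail/psybnc", stat.S_IFREG | 0o711),
    ("/var/tmp/sess_1234.tmp", stat.S_IFREG | 0o600),
]

# Constructed `lsof -i -n -P` output (addresses are documentation ranges).
SAMPLE_LSOF = """\
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd     812   root    3u  IPv4  10211      0t0  TCP *:22 (LISTEN)
emech   4231 nobody    3u  IPv4  20448      0t0  TCP 10.0.0.5:51234->192.0.2.10:6667 (ESTABLISHED)
psybnc  4299 nobody    5u  IPv4  20510      0t0  TCP 10.0.0.5:51300->198.51.100.7:6697 (ESTABLISHED)
httpd   1020 apache    6u  IPv4  11020      0t0  TCP 10.0.0.5:80->203.0.113.4:40001 (ESTABLISHED)
"""


def scan_dir(root):
    """Walk a real directory and yield (path, st_mode) pairs, without
    following symlinks, in the same shape as SAMPLE_FILES."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            yield path, os.lstat(path).st_mode


def suspicious_executables(entries):
    """Return regular files with any execute bit set under SUSPECT_DIRS.
    Directories are skipped: they carry x bits for traversal, not execution."""
    hits = []
    for path, mode in entries:
        if not stat.S_ISREG(mode) or not path.startswith(SUSPECT_DIRS):
            continue
        if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            hits.append(path)
    return hits


# Matches the command, pid, user and the remote endpoint of an lsof line;
# lines without "->" (listeners, the header) do not match.
_CONN = re.compile(
    r"^(?P<cmd>\S+)\s+(?P<pid>\d+)\s+(?P<user>\S+).*?"
    r"->(?P<rhost>[\d.]+|\[[0-9a-fA-F:]+\]):(?P<rport>\d+)"
)


def irc_connections(lsof_output):
    """Return (command, pid, user, remote host, remote port) for every
    established connection whose remote port is an IRC port."""
    hits = []
    for line in lsof_output.splitlines():
        m = _CONN.search(line)
        if m and int(m.group("rport")) in IRC_PORTS:
            hits.append((m.group("cmd"), int(m.group("pid")), m.group("user"),
                         m.group("rhost"), int(m.group("rport"))))
    return hits


def triage(entries=SAMPLE_FILES, lsof_output=SAMPLE_LSOF):
    """Bundle both checks; pass scan_dir("/var/tmp") and real lsof output to
    run this against a live host."""
    return {"executables": suspicious_executables(entries),
            "irc": irc_connections(lsof_output)}


if __name__ == "__main__":
    for kind, findings in triage().items():
        for f in findings:
            print(kind, f)
```

Neither check is proof of compromise on its own (a legitimate IRC client or a build script in /tmp will trip them), but together they would have caught both packages from this incident in seconds, before the campus blackhole did.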
I sent a message around today reminding everyone that the UW-HEP computing facilities are subject to the University of Wisconsin's Acceptable Use Policy...
http://www.doit.wisc.edu/security/policies/appropriate_use.asp
Please be mindful of these facts:
- you may not use the UW-HEP computing facilities to violate state or federal laws.
- you may not use the UW-HEP computing facilities to share unauthorized copyrighted materials.
- you must exercise reasonable care to ensure that others cannot use your account(s).
- you may not share your password(s) with anyone.
A couple of user accounts were compromised recently. The intruders were running some sort of IRC (Internet Relay Chat) proxy software. Fortunately our systems rely on AFS authentication and thus don't house individual passwords.