Recovering Debian Linux
Ok, I am no linux admin. A box I have sitting here next to me, that I am running Debian Linux on, was compromised by some friend in China. After a few emails and conversations with Lawrence at Speakeasy, I installed Portsentry and thought I had the problem under control. Well, I didn’t. Lawrence let me know late yesterday that my line utilization actually went up. Sweet.
So, I embark on a little journey to try and learn more about securing my Debian install, which, I have to be honest, I thought was going to be a hell of a lot easier than it turned out to be. Along the way, I was trying to figure out how to turn off services that did not need to be running and found a utility called sysv-rc-conf, which is a really cool utility with a text GUI that lets you turn services on or off. The hard part was now understanding which services I needed and which I did not. Amazingly, this was quite difficult to do. I have a decent understanding of things, but am by no means a Linux admin. I tried and thought I understood what each service was before I touched it. So, when the system did not let me log on after my changes, I knew I did something wrong.
I managed to log in on the console after a few attempts at not being able to log in via the console or via SSH. Once in, I fired up sysv-rc-conf and turned rc and rcS on, as I read something somewhere that led me to believe it was a good idea. Well, that was not a good idea. Now the system goes into the never-ending boot cycle where it never makes it past trying to start a few services. After 30 cycles, it checks the disk. It is a lot of fun to watch.
I can get into Grub, but I don’t know what to do there, so that is of little help to me at this point. While I would like to be able to recover this install, I would be happy to be able to tar up and email a directory or two to myself and then do a clean install. I know that is probably in the future for this thing, as the fact that it was compromised somehow makes that a necessity.
At this point, I am burning myself a Knoppix disc to see if I can’t do that. If anyone has any pointers, I am all ears.
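As an added example (not part of the original post), these POSIX shell functions can be run from a rescue environment like the Knoppix disc above, with the Debian root filesystem mounted read-only at an assumed path such as /mnt/debian: sysv-rc-conf edits exactly the S*/K* links under /etc/rc*.d, so listing them shows what init will try to start, and a start link that points back at init.d/rc or init.d/rcS (what the post describes turning on) is worth spotting before another boot attempt. The mount point and directory names are assumptions; the last function packs a directory into a tarball for copying off the box before a reinstall.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the broken Debian root
# filesystem is mounted (ideally read-only) at a path you pass as ROOT,
# e.g.  mount -o ro /dev/hda1 /mnt/debian  from the rescue disc.

# list_runlevel_links ROOT LEVEL
# Print the SysV links in ROOT/etc/rcLEVEL.d as "S20ssh -> ../init.d/ssh",
# in the order init processes them (K* links first, then S*, by sequence).
list_runlevel_links() {
    root=$1; level=$2
    dir="$root/etc/rc$level.d"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    for link in "$dir"/[SK]*; do
        [ -L "$link" ] || continue
        printf '%s -> %s\n' "$(basename "$link")" "$(readlink "$link")"
    done
}

# flag_rc_links ROOT
# Print any start link, in any runlevel, whose target is the boot machinery
# itself (init.d/rc or init.d/rcS) rather than a real service. Such a link
# makes rc re-run rc during boot. Returns 0 if none are found, 1 otherwise.
flag_rc_links() {
    root=$1; found=0
    for dir in "$root"/etc/rc[0-6S].d; do
        [ -d "$dir" ] || continue
        for link in "$dir"/S*; do
            [ -L "$link" ] || continue
            case "$(readlink "$link")" in
                */init.d/rc|*/init.d/rcS|rc|rcS)
                    echo "$link -> $(readlink "$link")"; found=1 ;;
            esac
        done
    done
    return $found
}

# tar_dir ROOT DIR OUT
# Pack ROOT/DIR (path relative to ROOT, e.g. home/user) into the gzipped
# tarball OUT, preserving paths relative to ROOT, for copying off the box.
tar_dir() {
    root=$1; dir=$2; out=$3
    tar -czf "$out" -C "$root" "$dir"
}

# usage from the rescue shell:
#   list_runlevel_links /mnt/debian 2
#   flag_rc_links /mnt/debian || echo "rc/rcS is listed as a service"
#   tar_dir /mnt/debian home/user /tmp/home-user.tgz
```

Write the tarball to the rescue system's own disk or a USB stick, not back onto the mounted root, so the compromised install is left untouched for the reinstall.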
tags: debian, knoppix, linux, recovery, rescue, security
