
View Full Version : stopping hackers?



pau
05-09-2004, 01:36 PM
Hi,

I am working in an institute with a linux cluster and one week ago a hacker got the su password of my personal laptop and tried to access win computers (there are some) via samba. I suppose he was looking for music or video files; fortunately he didn't come to the idea of deleting the work which I developed the last four years... Now I have made a backup. But I had to reinstall everything (by chance it was the day of the release of Knoppix 3.4... I try to be positive-minded) because when I did a chkrootkit I found that some files were "suspect". I think I know how he got into the system... Anyway, I would like to install something that definitively STOPS people like that... Do you have any suggestion?

thanks,
Pau

zentu
05-09-2004, 06:05 PM
If you really want security, then go with OpenBSD. It isn't linux, but it is unix based (as opposed to derived), and it has only had 1 security problem with the default install in the past 8 years since the project's formation.

The only downfalls are that it is not faster than the 2.6.x kernel, but that might change within 18 months... they are very slow to develop improvements since their first priority is for security, so they bash as hard as they can everywhere they can think to. The other problem is that the hardware support is slower to get development to occur since they are trying to find any problems with the hardware first (to patch the holes up in software).

But if you go with an OSX based computer/laptop in the future, then you can buy a piece of software that allows OSX to be run as an Xwindows Desktop Environment (only works with a BSD since that is what OSX is based off of), with full support of all of its software.

Side comment: Now if Mac would just lose the stupid one button mouse thing, then it would be the best system available to the market. Power of unix, usability of windows, stability of FreeBSD.

-----------------------------------------------------------------------------------
Edit

You can still use all of the Linux software and the shells (provided you install support for them (an option with the installers)), just not the drivers.

user unknown
05-09-2004, 09:19 PM
Well - I don't know what you already did to stop hackers.

Which services are running on the machine?
Is every one of these needed?
Are they configured for security?
Do you have a firewall?

I guess you have to answer the question of costs:
How much money might be invested once in a security project?
How much money can be spent on a monthly basis, to keep security up to date?

In both questions 'money' might be replaced with 'time'.

softwaretester
05-10-2004, 08:53 AM
They should separate the cluster from the internet. Most clusters are separated from the net, from what I hear.

If they can't do that, they should put in a device which allows people onto the lan only via VPN through a commercial firewall, such as cisco, watchguard, sonicwall.
Outside cluster users should have to VPN into the network.

They should control the number of users who have access to the cluster.

Perhaps one machine in the lan can act as an intrusion detection system, because there's no reason for a portscan to take place on that private network.

A second machine could act as a honeypot, running honeyd for example.


Using devices such as fingerprint readers is a good idea, because if some script kid has put a keylogger on your computer, they still can't copy your fingerprint.

roger_girardin
05-20-2004, 08:03 AM
When you visit the security web sites, you will notice there are a lot of people trying to own hardware fw/routers.
If you install one, you will have to look for patches every day.

If the win comps have internet access, it will be very hard to stop intrusion by reverse connection.

As user unknown said, you may have to look for commercial help.