October 15, 1997
NACS would like the campus community to be aware that a growing number of people use their Internet access to attempt to compromise the security of networked computers. Their goal is much more often simply to gain access or to create network congestion than to steal information. This means that UCI computer systems that have not previously been high-profile targets are increasingly coming under attack.
It makes no difference whether or not users have "something important" on their system; it will be a target. If hackers come, it will be a disruption, perhaps only to the target system but more likely to the network as well.
The campus community may be particularly unaware that Linux, like other powerful, multi-user operating systems, is a frequent target among hackers. Information about Linux, including known ways to compromise security on it, is widely shared on the Internet.
This summer we have had at least 10 Linux systems broken into. The hackers caused downtime, started "ping bombs" on local UCI networks which caused significant network slowing, forced users to re-install operating system software, and forced NACS to disconnect parts of the network at times to prevent greater outages and security issues.
The most popular "security hole" exercised this summer has to do with the IMAP daemon. Most Linux users need not run this daemon, and our advice is to disable it. If you need more information on this bug, contact us or see the Linux IMAPD announcement in NACS' web archive dedicated to security issues.
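As an added example (not NACS's own procedure or code): on a system where imapd is started from inetd, which is an assumption since this notice does not say how the daemon is launched, the following script lists the enabled IMAP entries in an inetd.conf-format file and prints a copy with them commented out. The service names it matches and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find and disable IMAP entries in an inetd.conf-format file.
# Assumptions: imapd is launched by inetd, and the service is named
# imap, imap2, imap3 or imaps in the first field.

IMAP_RE='^(imap|imap2|imap3|imaps)$'

# List enabled entries (lines starting with "#" are already disabled,
# because their first field then begins with "#").
enabled_imap() {
    awk -v re="$IMAP_RE" '$1 ~ re { print NR ": " $0 }' "$1"
}

# Print the file with every enabled IMAP entry commented out;
# all other lines pass through unchanged.
disable_imap() {
    awk -v re="$IMAP_RE" '$1 ~ re { print "#" $0; next } { print }' "$1"
}

# Constructed sample configuration, not taken from a real host.
sample_conf() {
    cat <<'EOF'
# constructed sample in inetd.conf format
ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  in.ftpd -l -a
#pop-3  stream  tcp  nowait  root  /usr/sbin/tcpd  ipop3d
imap    stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
#imap3  stream  tcp  nowait  root  /usr/sbin/tcpd  imapd
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
echo "Enabled IMAP entries:"
enabled_imap "$conf"
echo "Copy with IMAP disabled:"
disable_imap "$conf"
rm -f "$conf"
```

After the edited file is installed, inetd has to re-read its configuration (it does so on SIGHUP) before the change takes effect.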
If you are the owner of a Linux system, you should be aware of these problems. To reduce the likelihood of a system break-in, someone must follow security alerts and install patches as necessary. Further, your system should be inspected for signs of a break-in. If you need help, contact your local computing supporter or NACS for advice. NACS is also available to perform casual security audits and operating system re-installs on a recharge basis.
To maintain the integrity of the network, NACS must occasionally disconnect systems that have been violated. Every attempt will be made to contact local supporters and/or system owners before taking such a step. However, you should be aware that a compromised system may lose its network connectivity, so you should take steps to make your system secure.
Here are some security-related mailing lists you may wish to follow:
NACS' DCS group now includes Linux among the Unix operating systems for which they can provide system administration support.