[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Wed May 18 09:43:12 2005 -->
- <!--x-from-r13: rfbgrevp ng 3gvzrf25.arg (Urbsserl) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE -->
- <li><em>date</em>: Wed May 18 09:43:12 2005</li>
- <li><em>from</em>: esoteric at 3times25.net (Geoffrey)</li>
- <li><em>in-reply-to</em>: <<a href="msg00525.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00525.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</li>
As previously noted, I will not be available Sunday.
>
> Overview of the system:
> This challenge is similar to Bob Toxen's "expert hacker" challenge. Like him,
> I will give away the IP address.
>
> Unlike him, though, I will go much further:
> I will give everyone the root password
> I will be running as root the entire time
> I will drop all firewalls and typical security that I run
> I will NOT have a "hot spare" - or more than 1 hard drive in the box
> I will run a server including Apache, PHP
> (Bob said it was very insecure awhile back),
> MySQL, Perl, sshd (if I remember to start it)
> I will NOT add or remove hardware during or immediately after the challenge.
> Moreover, I will do my best to verify that ALL of you can reach root.
>
> For this challenge, I will be removing personal data from the system. My worry
> is not to protect it from loss, but since I will be giving FULL access to the
> entire box - and want to keep the private data private. Outside of the
> missing data, the lack of firewalls, and the direct connection to the 'Net,
> you will have direct access to the setup that I run everyday as root. I can't
> think of anything else that will aid my defeat. My point is that I will not
> try to hinder the hacking - I will let the box sit "insecurely."
> (Note: I have been having weird net connection problems for a week or two.
> It's been ultra slow. If there is a connection problem on Sunday, we can move
> the challenge to whatever time I can connect. The downtime is short-lived.)
>
> Rooting for the visitors:
> Some strategy is in order. Some of you may want to run rm -rf / as root while
> others may want to install some type of virus or trojan. I suggest you use
> this thread to coordinate that - so that you won't bump heads.
>
>
>
> Challenge results:
> The challenge will have no "tie." I will either restore the system back to
> clean state quickly (and outline how I did so), or I lose the competition.
>
> IF I am unable to restore the system, I would like there to be a consequence.
> That's what makes challenges fun. Perhaps I can fund the pizza for the next
> Installfest ($100 worth) or something like that.
>
> IF I am able to restore the system and explain what steps I did to make sure
> that it's "clean" and fully restored, Geoffrey will be responsible for
> providing me with clear instructions on how to fix the SIX problems (with my
> OS - not Gentoo :) ) that started this thread - within a reasonable amount of
> time. The six problems include and are limited to: 1. Unstable browser. 2.
> Reset mpu port to 300 3. Fix Gnutella 4. Get scanner working 5. Install IVTV
> driver 6. Get noteedit to produce sound
> I would like the instructions so that I can apply the changes *myself* (for
> security reasons and to learn the solutions). I will forward the journals
> that I kept on the issues and take significant steps to assist him.
>
>
>
> My goals:
> 1. To get my system fixed within a reasonable amount of time.
> 2. To prove that I can safely run as root all of the time.
>
> As you all know, I am NOT an expert. I don't like reading manuals much. Most
> of the time, I don't even fully understand them. I am not a professional
> system administrator. I am just a guy who uses Linux to get things done.
> Thus, it should be easy for the group to defeat me in this challenge.
>
> I hope the most vocal anti-run-as-root crowd who sometimes come off as
> "know-it-alls" (i.e.: James Sumners, Jonathan Rickman, George Carless, Jason
> Day, Jerald Sheets, et al) will be available to participate. Moreover, in the
> event Geoffrey needs assistance, my hope is that the "RTFM, It's not a Debian
> problem" people will help him.
--
Until later, Geoffrey
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00654" href="msg00654.html">[ale] RESETTING the time of RUN-AS-ROOT CHALLENGE</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00525" href="msg00525.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00535.html">[ale] [OT] I want to become a ham</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00537.html">[ale] Linux Distributions</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00525.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00654.html">[ale] RESETTING the time of RUN-AS-ROOT CHALLENGE</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00536"><strong>Date</strong></a></li>
<li><a href="threads.html#00536"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>