
We have a number of servers (100+) that we need to increase a certain type of security on (sort of internal, sorry, NDA).

We have thought about using a rootkit of some sort that would be able to keep our access if the main root password has been compromised. It is a time-sensitive problem (think high SLA).

What we are after is a script that can take a server and password list and add this backdoor to each one. We have other software to automate other things, but not this, unfortunately.

This is NOT a phishing or hacking goal, we own and have full rights to said servers, we just don't know much about scripting or backdoor type stuff :/

Joshua D'Alton

  • "This is NOT a phishing or hacking goal, we own and have full rights to said servers, we just don't know much about scripting or backdoor type stuff :/" - Doesn't that just sum up the problem and the solution? – Antoine Benkemoun Nov 17 '11 at 11:40
  • I'm stuck in a bureaucratic quagmire but yes that is the case. Unfortunately the solution is not as easy as that, because I'm neither the technical team nor management. I'm in a very shit position :( – Joshua D'Alton Nov 17 '11 at 11:47
  • You want to install rootkit software to create a backdoor to increase security? OMG... – Rob van Laarhoven Nov 17 '11 at 11:49
  • Your idea is not necessarily nonsense but I advise you to read up on the subject big time! Make sure you are not creating a vulnerability by introducing this "protection". – Antoine Benkemoun Nov 17 '11 at 11:51

1 Answer

So you're defending yourself from a potential vulnerability by introducing another one?

Adding attack surface won't solve your problem, just use SSH keys, disable password use, store the keys encrypted (and backed up offline, think USB/CD in a safe), keep your servers updated and you will thwart most attacks.

Every compromised machine MUST be disconnected as soon as possible (think seconds or minutes, not hours!) from your infrastructure and taken to the lab for analysis and maybe recovering files, but take care doing that.

Shadok

  • You don't understand, sorry. It isn't from external attacks, it is from .... 'internal'. I can't say anything more specific due to NDA. I know it seems absurd that this situation exists, but I'm sure you all know of the epic waste of government money that can happen. – Joshua D'Alton Nov 17 '11 at 11:52
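The answer's advice (SSH keys on, password logins off) is something you can verify across a fleet rather than assume. The following is an added example, not part of the answer above or of OpenSSH itself: a POSIX sh audit that reads an `sshd_config` and reports whether its global settings enforce key-only logins and restrict root. The keyword names are OpenSSH's real options; the function names (`sshd_effective`, `audit_sshd`) and the two sample configurations are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original answer): audit an sshd_config for the
# settings the answer recommends. Exit status 0 means the global settings
# enforce key-only logins; 1 means at least one setting is weak.

# sshd_effective KEYWORD FILE: print the effective global value of KEYWORD.
# sshd honours the first occurrence of a keyword, keywords are case-insensitive,
# and '#' starts a comment. We stop at the first "Match" line because values
# inside a Match block are conditional and must not be read as global.
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        { sub(/#.*/, "") }                          # strip comments
        tolower($1) == "match" { exit }            # global section ends here
        NF >= 2 && tolower($1) == key { print $2; exit }
    ' "$2"
}

# audit_sshd FILE: check each recommended setting, printing what is wrong.
# Unset keywords fall back to the OpenSSH defaults noted beside them.
audit_sshd() {
    file=$1
    rc=0
    pw=$(sshd_effective PasswordAuthentication "$file");          : "${pw:=yes}"
    pk=$(sshd_effective PubkeyAuthentication "$file");            : "${pk:=yes}"
    cr=$(sshd_effective ChallengeResponseAuthentication "$file"); : "${cr:=yes}"
    rl=$(sshd_effective PermitRootLogin "$file")  # default varies by version: require it explicitly

    [ "$pw" = no ] || { echo "$file: PasswordAuthentication is '$pw', want 'no'"; rc=1; }
    [ "$pk" = yes ] || { echo "$file: PubkeyAuthentication is '$pk', want 'yes'"; rc=1; }
    # keyboard-interactive (PAM) can still accept a password unless this is off too
    [ "$cr" = no ] || { echo "$file: ChallengeResponseAuthentication is '$cr', want 'no'"; rc=1; }
    case "$rl" in
        no|prohibit-password|without-password) ;;
        *) echo "$file: PermitRootLogin is '${rl:-unset}', want 'no' or 'prohibit-password'"; rc=1 ;;
    esac
    return $rc
}

# Two constructed sample configurations, written to a temp directory.
WORKDIR=$(mktemp -d)
WEAK_CFG=$WORKDIR/sshd_config.weak
HARD_CFG=$WORKDIR/sshd_config.hardened

cat > "$WEAK_CFG" <<'EOF'
# constructed sample: looks like a stock sshd_config, password logins still on
Port 22
#PasswordAuthentication yes
PermitRootLogin yes
UsePAM yes
EOF

cat > "$HARD_CFG" <<'EOF'
# constructed sample: key-only logins, as the answer recommends
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin prohibit-password
UsePAM yes
EOF

for f in "$WEAK_CFG" "$HARD_CFG"; do
    if audit_sshd "$f"; then
        echo "$f: OK (key-only logins, root restricted)"
    fi
done
```

Run it against a copy of each server's `/etc/ssh/sshd_config` (or `sshd -T` output, which already resolves defaults and is the more reliable source). On OpenSSH 8.7 and later the `ChallengeResponseAuthentication` keyword is an alias of `KbdInteractiveAuthentication`, so a config written for newer releases may use that name instead; the check here reads only the older spelling. The audit deliberately ignores `Match` blocks, so a per-user or per-address exception that re-enables passwords needs a separate look.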