
We have a number of servers (100+) that we need to increase a certain type of security on (sort of internal, sorry, NDA).

We have thought about using a rootkit of some sort that would let us keep access if the main root password has been compromised. It is a time-sensitive problem (think high SLA).

What we are after is a script that can take a server and password list and add this backdoor to them. We have other software to automate other things, but not this, unfortunately.

This is NOT a phishing or hacking goal; we own and have full rights to said servers, we just don't know much about scripting or backdoor-type stuff :/

  • "This is NOT a phishing or hacking goal, we own and have full rights to said servers, we just don't know much about scripting or backdoor type stuff :/" - Doesn't that just sum up the problem and the solution? Commented Nov 17, 2011 at 11:40
  • I'm stuck in a bureaucratic quagmire, but yes, that is the case. Unfortunately the solution is not as easy as that, because I'm neither the technical team nor management. I'm in a very shit position :( Commented Nov 17, 2011 at 11:47
  • You want to install rootkit software to create a backdoor to increase security? OMG... Commented Nov 17, 2011 at 11:49
  • Your idea is not necessarily nonsense, but I advise you to read up on the subject big time! Make sure you are not creating a vulnerability by introducing this "protection". Commented Nov 17, 2011 at 11:51

1 Answer

So you're defending yourself from a potential vulnerability by introducing another one?

Adding attack surface won't solve your problem. Just use SSH keys, disable password use, store the keys encrypted (and backed up offline, think USB/CD in a safe), keep your servers updated and you will thwart most attacks.

Every compromised machine MUST be disconnected as soon as possible (think seconds or minutes, not hours!) from your infrastructure and taken to the lab for analysis and maybe recovering files, but take care doing that.

  • You don't understand, sorry. It isn't from external attacks, it is from... 'internal'. I can't say anything more specific due to NDA. I know it seems absurd that this situation exists, but I'm sure you all know of the epic waste of government money that can happen. Commented Nov 17, 2011 at 11:52
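To verify that a host actually applies what the answer recommends (key-only logins, no password authentication), here is an added example that is not part of the original answer: a small sh audit of an sshd_config file. It assumes sshd's parsing rules (keywords case-insensitive, the first value for a keyword wins, settings after a `Match` line are conditional) and the OpenSSH default values passed as the third argument to `sshd_effective`.

```shell
#!/bin/sh
# Added example (not from the original answer): audit an sshd_config for the
# settings the answer recommends: key-only logins, no password authentication.
# Assumed sshd parsing rules: keywords are case-insensitive, the FIRST value
# given for a keyword wins, lines starting with '#' are comments, and settings
# after the first "Match" line are conditional, so only the global section
# (everything before any Match) is examined.

# sshd_effective FILE KEYWORD DEFAULT -> prints the effective global value,
# or DEFAULT (the OpenSSH default for that keyword) when it is not set.
sshd_effective() {
    file=$1; default=$3
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    val=$(awk -v want="$want" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # comment or blank line
        tolower($1) == "match" { exit }                  # start of conditional block
        { line=$0; gsub(/=/, " ", line)                  # accept "Key=value" too
          split(line, f, /[[:space:]]+/); i=(f[1]=="")?2:1
          if (tolower(f[i]) == want) { print f[i+1]; exit } }
    ' "$file")
    printf '%s\n' "${val:-$default}"
}

# audit_sshd_config FILE -> prints one line per weak setting and returns the
# number of weak settings found (0 means the file matches the recommendation).
audit_sshd_config() {
    file=$1; weak=0
    pw=$(sshd_effective "$file" PasswordAuthentication yes)
    pk=$(sshd_effective "$file" PubkeyAuthentication yes)
    root=$(sshd_effective "$file" PermitRootLogin prohibit-password)
    empty=$(sshd_effective "$file" PermitEmptyPasswords no)
    [ "$pw" = "no" ]   || { echo "WEAK: PasswordAuthentication=$pw (want no)"; weak=$((weak+1)); }
    [ "$pk" = "yes" ]  || { echo "WEAK: PubkeyAuthentication=$pk (want yes)"; weak=$((weak+1)); }
    [ "$root" = "no" ] || [ "$root" = "prohibit-password" ] ||
        { echo "WEAK: PermitRootLogin=$root (want no or prohibit-password)"; weak=$((weak+1)); }
    [ "$empty" = "no" ] || { echo "WEAK: PermitEmptyPasswords=$empty (want no)"; weak=$((weak+1)); }
    return "$weak"
}

# Demo on a constructed sample file, not a real server's config:
demo=$(mktemp)
printf 'Port 22\nPasswordAuthentication yes\nPermitRootLogin yes\n' > "$demo"
audit_sshd_config "$demo" || echo "$? weak setting(s) in $demo"
rm -f "$demo"
```

Run it against `/etc/ssh/sshd_config` on each host (for example over your existing automation) and treat a non-zero exit status as a host that still accepts password logins.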
