This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
>From: address@hidden
>Organization: University of Northern Iowa
>Keywords: 199901071849.LAA27037 Linux hack

Alan-

> This is what Melanie and Drew have concluded about
>the bizarre incident with Findeisen shutting down our campus
>computer system. Would you be able to assist them in restoring
>Findeisen without destroying all the software you installed?
>Please keep me posted and thanks for your help.

The short answer is yes. However, it might be prudent to wipe the disk clean and reinstall the software. Who knows what is lurking around in the mcidas/gempak directories. It is also probably easier for me to just re-install rather than figure out what needs to be backed up. All the data is old by now, so it's not like you are going to lose anything valuable there.

I can do the install/setup remotely if you can give me root access (or you could try it on your own if you want to be brave! ;-)).

If you want to go this route, then have Drew reformat the disk and remove Windows from it since if this is going to be your LDM system there is no need for dual booting. That will give you another 2GB of disk to use for LDM/GEMPAK/McIDAS.

You have a 6 GB disk. If you set aside 4 GB for the ldm data, you would have 2 GB for the Linux install and the software. If he is going to make /home a separate partition, it needs to be at least 500 Mb to hold the McIDAS and GEMPAK distributions. Alternatively, he can leave /home as part of the main root / partition and use a disk quota to set the limit on the size. That way, if it ends up being too small, the quota can be enlarged and he would not have to repartition the disk.

I'm curious as to what led them to believe it was hacked (what were the symptoms they found). Cornell had a Linux system that was hacked recently also. I wonder if it is the same person.

Let me know what route they want to take and if they can provide more details on the symptoms of the break-in (like how they got in), that would be great.

I'll wait to hear from you. I'm not going to AMS so I'll be around next week.

Don

>--------------------------------------------------------------
>
>From: IN%"address@hidden" "Melanie Abbas (CNS staff)" 7-JAN-1999 11:59:36.84
>To: IN%"address@hidden" "Alan Czarnetzki (Earth Science) "
>CC:
>Subj: findeisen (fwd)
>
>Your computer had been hacked into. This is an analysis from one of my
>students. We need to contact your software person from Colorado to get it
>back up and running.
>
>
>Melanie Abbas
>CNS Systems Administrator
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>Be content with such things as you have. For God himself has said, I shall
>never leave you nor forsake you. -Hebrews 13:5
>
>Office: WRT 337 Regular hours: 8:00-5:00
>Phone: 273-7029 Fax: 273-7123 Beeper: 235-4135
>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
>
>---------- Forwarded message ----------
>Date: Thu, 7 Jan 1999 11:38:22 -0600 (CST)
>From: "Andrew Jones (CS/MATH stud.) " <address@hidden>
>To: "Melanie Abbas (CNS staff)" <address@hidden>
>Subject: findeisen
>
>
>ok, i think these should be the next steps
>
>turn this ip, 204.30.67.180, over to ITS and let them try to figure out
>who it is if they want to. I didn't see any logins from that subnet on
>chaos or nova so it may or may not be one of our users. Netcom is huge I
>doubt they'll figure it out anyway.
>
>i need to reinstall linux on findeisen. there was a lot of stuff trojaned.
>login, syslog, w, who, finger, etc. I can't trust it.
>
>also i want to make a separate partition for /home because some user
>filled up / by filling up his home directory and that caused problems.
>
>so i need to get in touch with the dude from colorado and figure out how
>to keep all his work from being destroyed. what files to backup and how
>to restore them type thing.
>
>later,
>drew