I want to be a Linux admin, and was always told the best way to learn was to set up a box, watch it be compromised, and then learn from there; so that is what I'm setting out to do. I have a few questions on how to go about this (using Ubuntu server).
I plan on connecting directly to my cable modem and leaving sshd running with port 22 open. That's the only thing I'm fairly certain would get it some attention. I also want to run a few other services to see how they are compromised (namely openldap, postfix, squid, and samba).
Should I run these programs one at a time? In other words, do a fresh install, only install ssh, wait for it to be compromised, fix it, and then install samba? Or should I just install all programs at once? Which logs should I be watching specifically (besides the auth log)?
How will I know when my system is compromised?
Can I expect my system to be compromised within minutes? In other words, should I just sit back with tail -f and wait? Or should I maybe check it once a day (or week)?
Anything else I should know? General suggestions?
I'm really looking forward to the responses! I searched and didn't find anything similar, and I'm hoping others might gain knowledge from this as well. If it helps: I only have ~ 3 months of serious Linux use, but have worked my way through a few guides and am starting to feel pretty comfortable. Let me know if this stuff is over my head at the moment or there is something else I should check out before getting into this. Thanks!!
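One concrete way to answer "how will I know?" for the sshd part of this setup: a small parser over the auth log that flags a successful login from an address that had already failed several times. This is an added example, not code from the post or any commenter; it assumes Ubuntu's default sshd log format in /var/log/auth.log, and the log lines below are constructed samples using documentation addresses, not real traffic.

```python
import re
from collections import defaultdict

# Constructed sample auth.log excerpt (not real traffic). Scenario: one source
# fails against several accounts, then gets in as root; a second source logs
# in normally with a key.
SAMPLE_AUTH_LOG = """\
Mar  3 10:12:01 box sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:12:03 box sshd[1235]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  3 10:12:05 box sshd[1236]: Failed password for root from 203.0.113.5 port 51244 ssh2
Mar  3 10:12:09 box sshd[1237]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Mar  3 10:15:00 box sshd[1300]: Accepted publickey for alice from 192.0.2.10 port 40000 ssh2
"""

# Matches the two sshd outcomes worth tracking on a box like this:
# "Failed <method> for [invalid user] <user> from <ip> port <n>" and
# "Accepted <method> for <user> from <ip> port <n>".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_sshd_events(text):
    """Return (result, method, user, ip) tuples in log order; skips other lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((m["result"], m["method"], m["user"], m["ip"]))
    return events


def failed_attempts_by_ip(text):
    """Count failed logins per source address (the 'who is knocking' view)."""
    counts = defaultdict(int)
    for result, _method, _user, ip in parse_sshd_events(text):
        if result == "Failed":
            counts[ip] += 1
    return dict(counts)


def find_suspicious_logins(text, threshold=3):
    """Flag an Accepted login from an IP that already had >= threshold failures.

    A clean key login with no prior failures (alice above) is not flagged; a
    success after a run of failures is the signal that the box is now owned.
    """
    failures = defaultdict(int)
    alerts = []
    for result, method, user, ip in parse_sshd_events(text):
        if result == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            alerts.append({"ip": ip, "user": user, "method": method,
                           "prior_failures": failures[ip]})
    return alerts
```

Run it against a copy of the live log (for example, the output of `tail -f /var/log/auth.log` piped into a file) rather than waiting on the raw scroll; the alert list is what to look at first.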