re: ridiculous situation
From: H C <keydet89(at)yahoo.com>
Date: Fri Nov 29 2002 - 09:31:16 EST
Perhaps I'm not seeing where your problem lies. From what you describe, you have 5 systems that you've recently inherited, and they've been largely unprotected since they were first turned on.

"you can't simply firewall them off and leave them for

What are you saying? Are they business critical? If so, determine what services each of them should be providing, and then disable/restrict/limit the available running services to just those. Think about adding tcpwrappers, as well. Examine the configurations of the machines, and see what's going on. What is the level of the kernel? Would it be worth the time to upgrade? If the systems are business-critical, you'll likely have to schedule maintenance for after hours. Is the default kernel image in place, or were the kernels recompiled specifically for each machine?

"how would you be sure there are no trojans, bots
What do you mean? You could always do the checks by hand yourself...it would take more time, but perhaps be more reliable.

If I were you, I'd start w/ a security assessment of each machine. Check for setUID files, running services/processes, examine the configuration. Examine the syslogs, see what's currently there. Once you've completed your examination, develop a plan to tighten things up...it may take a while, b/c you'll have to determine the business processes that use these systems. You want to make sure that you don't disrupt those processes in your efforts to secure these systems.

Your situation isn't so much ridiculous as it is pretty normal...

Received on Fri Nov 29 13:52:54 2002
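The setUID check and the service listing suggested in the message above, sketched as an added example that is not part of the original post. The function names and the baseline file (one reviewed path per line) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: inventory set-id files and compare them with a reviewed baseline.
# Function names and the baseline file format are assumptions of this sketch.

# list_setid ROOT
# Print every regular file under ROOT that has the setuid or setgid bit,
# sorted, without crossing into other mounted filesystems.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_setid ROOT BASELINE
# Print set-id files present now that are absent from BASELINE.
# These are the ones to examine by hand (owner, timestamps, package origin).
new_setid() {
    cur=$(mktemp) || return 1
    list_setid "$1" > "$cur"
    # comm -23 keeps lines found only in the first (current) list
    LC_ALL=C sort "$2" | LC_ALL=C comm -23 "$cur" -
    rm -f "$cur"
}

# listeners
# Show listening TCP/UDP sockets with the owning process, to compare
# against the services each machine is actually supposed to provide.
listeners() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltnup
    else
        netstat -ltnup
    fi
}

# Stand-alone use: sh audit.sh ROOT BASELINE
if [ "$#" -eq 2 ]; then
    echo "== set-id files not in baseline =="
    new_setid "$1" "$2"
    echo "== listening services =="
    listeners
fi
```

Run it as root so `find` can descend everywhere and the socket listing can name the owning processes; an empty first section means every set-id file is already in the reviewed list.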