Re: Compromised system - still ok?

To: debian-security@lists.debian.org
Subject: Re: Compromised system - still ok?
From: Bernd Eckenfels <ecki@lina.inka.de>
Date: Mon, 07 Feb 2005 13:44:19 +0100
Message-id: <[🔎] E1Cy8FX-0007uJ-00@calista.eckenfels.6bone.ka-ip.net>
In-reply-to: <[🔎] 20050207115234.GR8765@A-Eskwadraat.nl>

In article <[🔎] 20050207115234.GR8765@A-Eskwadraat.nl> you wrote:
> I co-administer a system with ~ 250 users, a significant part of them I
> don't know very well personally, and really, I don't rule out some of
> them might try to do some cracking, of, more likely, has such a shoddy
> password policy or infected windows system that their account will be
> used to.
> 
> Should I now reinstall these systems daily?

Well, the problem is of course root compromise. However, on such a system,
break-ins are very likely and you better do checks regularly. This is to
protect your users.

> In both my case, and the thread starter's case, a normal user account
> might or was definitely in the hands of someone malicious. In both
> cases, no evidence whatsoever was there that there was even an attempt
> at becoming root.

Then a re-install might not be needed. At least if you can explain how the
user account could have been compromised.

Bernd

Reply to:

References:
- Re: Compromised system - still ok?
  - From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl>

Prev by Date: Grsecurity patches on Debian
Next by Date: Re: Compromised system - still ok?
Previous by thread: Re: Compromised system - still ok?
Next by thread: Re: Compromised system - still ok?
Index(es):
- Date
- Thread