Re: My machine was hacked - possibly via sshd?
On Tuesday 29 March 2005, at 00:34, Adam M. wrote:
> >But 2.4.18 is the Debian stable kernel, which gets security updates
> >and patches, no?
> No, it doesn't. I really think that packages like this old kernel should
> be removed from the mirrors, or at least updated with a big fat warning.
Sorry, but this isn't correct.
Kernel 2.4.18-1 in woody is patched against known vulnerabilities.
You may take a look at the latest update of it:
Recent vulnerabilities involve code not present in this release of the kernel.
This is one of the main reasons why the security team doesn't want a new
release of the kernel in the stable distribution.
> Anyway, the kernels in woody are not up to date. You *have to* roll your
> own kernel. At this time you should use the latest 2.4.x kernel, or
> 2.6.x if you need to. If you don't roll your own kernels, at least for
> machines with remote access, then all local users can get root.
Of course, rolling one's own kernel is good practice, but only if the
admin knows what to do. And of course a lot of other "practices" have to
Static kernel, prevent lkm. Grsecurity patch helps a lot, etc.
But the purpose of the kernel in stable isn't to be "the best choice in any
case", just a reasonable default kernel.
Then, of course YMMV, and a good admin has daily work to do
("security-out-of-the-box" is a buzzword, security is a process, not a
product) to do his job well.
All of this, IMHO, obviously.
My 0.2 cents.
Principal Snyder: "This is great! Let's do donuts in the football field."
--Buffy the Vampire Slayer: Band Candy