Re: chkrootkit has me worried!

To: debian-security@lists.debian.org
Subject: Re: chkrootkit has me worried!
From: Rick Moen <rick@linuxmafia.com>
Date: Wed, 30 Nov 2005 14:30:25 -0800
Message-id: <[🔎] 20051130223025.GO30072@linuxmafia.com>
In-reply-to: <[🔎] lds.0511300806.10653@windlord.akallabeth.de>
References: <5edIE-5ma-11@gated-at.bofh.it> <5epgJ-5CU-21@gated-at.bofh.it> <[🔎] lds.0511300806.10653@windlord.akallabeth.de>

Quoting Thomas Hochstein (ml@ancalagon.inka.de):

> That is not a good idea in a typical hosting environment; if you push
> your backup and the machine to be backupped is compromised, the
> attacker has access to your backups too because the automatic backup
> process has to have the necessary credentials (unless you want to type
> in the credentials every hour/day/week by hand, which is not very
> feasible). 

Remedy:  If backups are set up cleverly using SSH public keypairs, all the
intruder can do is re-run the backup job.  (You would therefore want to
have backups land on a dedicated filesystem, on the backup target host.)

Details:
"SSH Public-key Process" on http://linuxmafia.com/kb/Security/

-- 
Cheers,             
Rick Moen                 "Anger makes dull men witty, but it keeps them poor."
rick@linuxmafia.com                                   -- Elizabeth Tudor

Reply to:

References:
- Re: chkrootkit has me worried!
  - From: Thomas Hochstein <ml@ancalagon.inka.de>

Prev by Date: Re: chkrootkit has me worried!
Next by Date: Re: chkrootkit has me worried!
Previous by thread: Re: chkrootkit has me worried!
Next by thread: Re: chkrootkit has me worried!
Index(es):
- Date
- Thread