Re: Accounts on debian.org machines
On Tue, 9 Dec 2003 11:04, David B Harris <david@eelf.ddts.net> wrote:
> Or are you saying that you used root@adsl.coker.com.au for your
> computing needs, including storing your unencrypted GPG, unencrypted SSH
> key (or encrypted, in which case both of which use the passwords you've
> posted), your email client, your web browsing, your programming, your
> work, and what have you? :)
It wouldn't surprise me if someone did that.
ssh private keys have been installed on my play machine (never checked whether
they were specially generated for my play machine or copied from somewhere
else), people have used it to ssh and scp to root accounts on other servers
(which presumably are not SE Linux play machines), people have logged in with
X11 and xauth forwarding enabled.
One time someone claimed to have broken the security of my play machine by
writing a shell script to "kill -1" the shells of other users. However they
had apparently enabled X11 forwarding...
Incidentally the adsl.coker.com.au host disappeared 9 months ago when I
switched from Amsterdam ADSL to Melbourne Cable. The details of my new play
machine are linked from my .sig.
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
Reply to: