
Emdebian server is back - refurbished



As many of you will have noticed the server has had problems recently. These
were caused by us having an old version of twiki (installed at a time when
there was no Debian package available, so it didn't get security updates
when they did later become available, because it was outside the package
management system).

So some hackers messed with our box via the XML-RPC hack. Analysis (by me
and Charles Stevenson (core) - thanx) suggests that they never got more than
www-data access as our kernel was new enough not to be vulnerable to the pre
2.4.21 root-escalation attack. They did install a botnet though.

To be safe we decided to back up important stuff and re-install the machine,
which would also get rid of a lot of desktop packages that were not
appropriate for its use as a server, and multiplied our security risks.

Allen Curtis (onz), whose box it is, has done this work over the last week
or so, which is why the website was down for a while. (Thanx very much Allen
for that). Charles has assisted with hardening advice, log analysis and
extracting data from the old wiki.

User passwords have been reset and those with accounts have been mailed. ssh
keys have been removed.

I have finally finished the crosstool build script which can now build a
complete set of toolchains from debian sources, nikita's patches and debian
library and kernel-header binary packages, then put them in an archive.

Just needs some apache config to go live, and some website adjustments to
make it obvious would be good too.

The old wiki content, converted to moinmoin form, is here:
http://bokeoa.com/~core/emdebianwiki/
Anyone who wants to look through it for stuff that should either go in the
main web pages, or be pasted in to the new wiki, would be most welcome.

If anyone has problems with the box, tell me, core or allen. Coming to
irc.freenode.net#emdebian is often most effective.

Thanx for your patience during this upheaval. I think we're just about back
to where we were before but with a more streamlined ship :-)

Wookey
-- 
Aleph One Ltd, Bottisham, CAMBRIDGE, CB5 9BA, UK  Tel +44 (0) 1223 811679
work: http://www.aleph1.co.uk/     play: http://www.chaos.org.uk/~wookey/