
Re: Debian Server restored after Compromise



On 7/13/06, Bas Zoetekouw <bas@debian.org> wrote:
Hi Martin!

You wrote:

> Debian Server restored after Compromise

Kudos to debian-admin for sorting out the situation so quickly!

Yes!


> An investigation of developer passwords revealed a number of weak
> passwords whose accounts have been locked in response.

That's not good.
Should we maybe implement a stricter password policy?  Or maybe only
allow pubkey ssh authentication?


I agree: pubkey ssh auth only, at least on servers with some core
services. I think the servers that support porters can be more flexible;
their downtime could hurt just one port and wouldn't taint other services
or the archive, not that this happened with gluck.

Btw, was the exact compromised account identified and locked too?

regards,
-- stratus
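As an added example, not part of the thread and not Debian's own configuration, here is a POSIX shell audit of the "pubkey ssh auth only" policy suggested above. It writes two constructed sshd_config samples (a default-style one that still allows password logins, and a hardened one) and checks each against OpenSSH's keyword semantics: PasswordAuthentication and ChallengeResponseAuthentication both default to "yes" when absent, the first occurrence of a keyword wins, and keyword and value are separated by whitespace. ChallengeResponseAuthentication (later also spelled KbdInteractiveAuthentication) is checked because with UsePAM enabled it can still let PAM prompt for a password even when PasswordAuthentication is off. The file paths and sample contents are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit an sshd_config for a
# pubkey-only login policy. Only the global section (everything before
# the first "Match" block) is evaluated.

# Return 0 if the config at $1 permits only public-key authentication,
# 1 otherwise. Absent keywords take OpenSSH's defaults (assumed: yes).
sshd_pubkey_only() {
    cfg=$1
    # Global section only: stop at the first Match block.
    global=$(awk 'tolower($1)=="match"{exit} {print}' "$cfg")
    # First occurrence of each keyword wins, as in OpenSSH.
    pw=$(printf '%s\n' "$global" |
        awk 'tolower($1)=="passwordauthentication"{print tolower($2); exit}')
    cr=$(printf '%s\n' "$global" |
        awk 'tolower($1)=="challengeresponseauthentication" ||
             tolower($1)=="kbdinteractiveauthentication"{print tolower($2); exit}')
    pk=$(printf '%s\n' "$global" |
        awk 'tolower($1)=="pubkeyauthentication"{print tolower($2); exit}')
    if [ "${pw:-yes}" = no ] && [ "${cr:-yes}" = no ] && [ "${pk:-yes}" = yes ]; then
        return 0
    fi
    return 1
}

# Constructed sample 1: a default-style config. The PasswordAuthentication
# line is commented out, so the default ("yes") applies and password
# logins remain possible.
WEAK_CFG=$(mktemp)
cat >"$WEAK_CFG" <<'EOF'
# constructed sample, not a real server's file
Port 22
Protocol 2
#PasswordAuthentication yes
PubkeyAuthentication yes
UsePAM yes
EOF

# Constructed sample 2: the hardened equivalent of the policy suggested
# in the thread. Both password paths are explicitly disabled.
HARDENED_CFG=$(mktemp)
cat >"$HARDENED_CFG" <<'EOF'
# constructed sample, not a real server's file
Port 22
Protocol 2
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
UsePAM yes
EOF

for f in "$WEAK_CFG" "$HARDENED_CFG"; do
    if sshd_pubkey_only "$f"; then
        echo "$f: pubkey only"
    else
        echo "$f: password logins still possible"
    fi
done
```

Before restarting sshd with a changed file, `sshd -t` validates the syntax; note that the audit above deliberately ignores Match blocks, so a `Match` section that re-enables PasswordAuthentication for some group would need a separate check.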


