Re: Debian Server restored after Compromise
Andreas Tille <firstname.lastname@example.org> writes:
> On Fri, 14 Jul 2006, martin f krafft wrote:
>> As stated in the post, at least all those developers had their accounts
> But shouldn't this be done by a dayly cron job that searches for secret
> keys on gluck and any other public Debian host each night? If the cron
> job would not really lock the account immediately it should at least
> send a warning mail to the admins.
If someone does this, please also check that said secret key is actually
in the Debian keyring. I may want to generate secret keys for testing
purposes on a Debian host, particularly a porter host, and there's no
security issue with that.
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>