Re: Debian Server restored after Compromise

Andreas Tille <tillea@rki.de> writes:
> On Fri, 14 Jul 2006, martin f krafft wrote:

>> As stated in the post, at least all those developers had their accounts
>> locked.

> But shouldn't this be done by a daily cron job that searches for secret
> keys on gluck and any other public Debian host each night?  If the cron
> job would not really lock the account immediately it should at least
> send a warning mail to the admins.

If someone does this, please also check that said secret key is actually
in the Debian keyring.  I may want to generate secret keys for testing
purposes on a Debian host, particularly a porter host, and there's no
security issue with that.

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
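
The check requested above (flag a secret key found on a host only when it is also in the Debian keyring), as an added example that is not part of the original message. It assumes both listings are `gpg --with-colons` output that includes fingerprint records; the listings, user names and fingerprints below are constructed.

```python
"""Cross-check secret keys found on a host against a keyring (added example)."""

# Constructed keyring listing in `gpg --with-colons` format (made-up values).
KEYRING_LISTING = """\
pub:-:4096:1:A1A1A1A1A1A1A1A1:1100000000:::-:::scESC:
fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:
uid:-::::1100000000::X::Alice Developer <alice@example.org>:
sub:-:4096:1:B2B2B2B2B2B2B2B2:1100000000::::::e:
fpr:::::::::B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2B2:
"""

# Constructed per-user secret-key listings, as a nightly job might collect them.
HOST_SECRET_LISTINGS = {
    "alice": "sec:u:4096:1:A1A1A1A1A1A1A1A1:1100000000:::u:::scESC:\n"
             "fpr:::::::::A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1:\n",
    "bob":   "sec:u:1024:17:C3C3C3C3C3C3C3C3:1150000000:::u:::scESC:\n"
             "fpr:::::::::C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3C3:\n"
             "uid:u::::1150000000::Y::porter test key:\n",
}

def primary_fingerprints(listing, record_types):
    """Return fingerprints of primary keys whose record type is in record_types."""
    found, expect_fpr = set(), False
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] in record_types:
            expect_fpr = True            # the next fpr record belongs to this key
        elif fields[0] == "fpr" and expect_fpr and len(fields) > 9:
            found.add(fields[9].upper())  # field 10 carries the fingerprint
            expect_fpr = False
        elif fields[0] in ("sub", "ssb"):
            expect_fpr = False            # never mistake a subkey fpr for a primary
    return found

def audit(host_listings, keyring_listing):
    """Split found secret keys into keyring members (alert) and others (ignore)."""
    trusted = primary_fingerprints(keyring_listing, {"pub"})
    report = {"alert": [], "ignore": []}
    for user, listing in sorted(host_listings.items()):
        for fpr in sorted(primary_fingerprints(listing, {"sec"})):
            report["alert" if fpr in trusted else "ignore"].append((user, fpr))
    return report

if __name__ == "__main__":
    result = audit(HOST_SECRET_LISTINGS, KEYRING_LISTING)
    for user, fpr in result["alert"]:
        print(f"WARNING: secret key {fpr} of {user} is in the keyring")
```

Only the "alert" entries would be mailed to the admins; test keys such as the constructed one for "bob" fall under "ignore".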

