Re: Debian Server restored after Compromise
Andreas Tille <tillea@rki.de> writes:
> On Fri, 14 Jul 2006, martin f krafft wrote:
>> As stated in the post, at least all those developers had their accounts
>> locked.
> But shouldn't this be done by a dayly cron job that searches for secret
> keys on gluck and any other public Debian host each night? If the cron
> job would not really lock the account immediately it should at least
> send a warning mail to the admins.
If someone does this, please also check that said secret key is actually
in the Debian keyring. I may want to generate secret keys for testing
purposes on a Debian host, particularly a porter host, and there's no
security issue with that.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: