
Re: My machine was hacked - possibly via sshd?



On Tuesday 29 March 2005, at 00:34, Adam M. wrote:
> >But 2.4.18 is the Debian stable kernel, which gets security updates
> >and patches, no?
> 
> No, it doesn't. I really think that packages like this old kernel should
> be removed from the mirrors, or at least updated with a big fat warning.

Sorry, but this isn't correct.
Kernel 2.4.18-1 in woody is patched against known vulnerabilities.

You may take a look at the latest update of it:

http://www.debian.org/security/2004/dsa-479

Recent vulnerabilities involve code not present in this release of the kernel.
This is one of the main reasons why the security team doesn't want a new
release of the kernel in the stable distribution.

> Anyway, the kernels in woody are not up to date. You *have to* roll your
> own kernel. At this time you should use the latest 2.4.x kernel, or
> 2.6.x if you need to. If you don't roll your own kernels, at least for
> machines with remote access, then all local users can get root.

Of course, rolling your own kernel is a good practice, but only if the
admin knows what to do. And of course a lot of other "practices" have to
be taken.

Static kernel, prevent LKM. The grsecurity patch helps a lot. Etc.

But the purpose of the kernel in stable isn't to be "the best choice in any
case", just a reasonable default kernel.

Then, of course YMMV, and a good admin has daily work to do
("security-out-of-the-box" is a buzzword, security is a process, not a
product) to do his job well.

All of this, IMHO, obviously.

My 0.2 cents.

-- 
Principal Snyder: "This is great!  Let's do donuts in the football field."
	--Buffy the Vampire Slayer: Band Candy


