Re: My machine was hacked - possibly via sshd?

To: DebianSecurity List <debian-security@lists.debian.org>
Subject: Re: My machine was hacked - possibly via sshd?
From: Greg Folkert <greg@gregfolkert.net>
Date: Tue, 29 Mar 2005 14:51:14 -0500
Message-id: <[🔎] 1112125874.29644.34.camel@king.gregfolkert.net>
In-reply-to: <[🔎] 20050329111842.GA16602@mood.ritram.it>
References: <[🔎] Pine.LNX.3.96.1050328121215.32223A-100000@Maggie.Linux-Consulting.com> <[🔎] 42487665.6030007@yahoo.com> <[🔎] 1112045480.1502.1.camel@localhost> <[🔎] 20050329022521.GC9746@infidel.spots.ab.ca> <[🔎] 4248F6D9.5050104@yahoo.ca> <[🔎] 20050329111842.GA16602@mood.ritram.it>

On Tue, 2005-03-29 at 13:18 +0200, Maurizio Lemmo - Tannoiser wrote:
> On martedì 29 marzo 2005, alle 00:34, Adam M. wrote:
> > >But 2.4.18 is the Debian stable kernel, which gets security updates
> > >and patches, no?
> > 
> > No, it doesn't. I really think that packages like this old kernel should
> > be removed from the mirrors, or at least updated with big fat warning.
> 
> Sorry, but this isn't correct.
> kernel 2.4.18-1 in woody is patched against known vulnerability.
> 
> You may take a look on the latest update of it:
> 
> http://www.debian.org/security/2004/dsa-479
> 
> Recent vulnerability involve code not present in this release of kernel.
> This is one of the main reason because security team doesn't want a new
> release of kernel in the stable distribution.

People keep forgetting what Stable means... doesn't mean "get the
latest" it means, this level is maintained. No enhancements, no bugs
fixes that don't affect operations (like spelling errors) and no changes
to the API/ABI set.

> > Anyway, the kernel in woody are not up to date. You *have to* roll your
> > own kernel. At this time you should use the latest 2.4.x kernel, or
> > 2.6.x if you need to. If you don't roll your own kernels, at least for
> > machines with remote access, then all local users can get root.
> 
> Of course, roll its own kernel, is a good practice, but only if the
> admin know what to do. And of course a lot of other "practice" have to
> be take.
> 
> Static kernel, prevent lkm. Grsecurity patch help a lot. ecc.
  WOAH^^^^^^^^^^^^^^^^^^^^^^

No it does not prevent it, just makes it harder. If you are that
paranoid, you should be using selinux extensions and the kernel compiled
with mudflap, ssp and sax.

> 
> But pourpose of kernel in stable isn't to be "the best choice in any
> case", just a reasonable default kernel.

Not only reasonable, but STABLE with no API/ABI changes if at all
possible.

> Then, of course YMMV, and a good admin have daily work to do
> ("security-out-of-the-box" is a buzz word, security is a process, not a
> product) to accomplish well his job.
          ^with the objective 

> All of this, IMHO, obviously.
> 
> My 0.2 cents.

Here is your 18 cents change back. (or if I read wrong, please pay 1.8
cents more :)
-- 
greg, greg@gregfolkert.net

The technology that is
Stronger, better, faster: Linux

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

References:
- Re: My machine was hacked - possibly via sshd?
  - From: Alvin Oga <aoga@mail.Linux-Consulting.com>
- Re: My machine was hacked - possibly via sshd?
  - From: Malcolm Ferguson <Malcolm_Ferguson@yahoo.com>
- Re: My machine was hacked - possibly via sshd?
  - From: David Pastern <david@scsenterprises.com.au>
- Re: My machine was hacked - possibly via sshd?
  - From: "s. keeling" <keeling@spots.ab.ca>
- Re: My machine was hacked - possibly via sshd?
  - From: "Adam M." <ummajera@yahoo.ca>
- Re: My machine was hacked - possibly via sshd?
  - From: Maurizio Lemmo - Tannoiser <mizio@tenzione.it>

Prev by Date: Wolfgang Lanzrath ist außer Haus.
Next by Date: Re: My machine was hacked - possibly via sshd?
Previous by thread: Re: My machine was hacked - possibly via sshd?
Next by thread: Re: My machine was hacked - possibly via sshd?
Index(es):
- Date
- Thread