Hi,
Karsten Dambekalns wrote:
> Hi. On Thursday 21 July 2005 20:31, Andras Got wrote:
>> The users, the ones the machines were hacked, were they existing users on the machine?
> I don't know which user account got hacked, if this was what has happened.
It's important to know whether it's an existing account, imho.
>> Do you use AllowUsers or AllowGroup?
> No. I hate to admit I didn't know that this is possible. Take back the newbie statement I made earlier. But if a legitimate user account got hacked, this wouldn't have helped, right?
Right, but if not... I suggest you should also turn on privilege separation and strict mode in sshd, if they are not enabled.
>> Do you use DSA/RSA key only auth method?
> Now I do. And it will stay that way, customers have to step back.
>> 2.6.7 is vulnerable, 2.4.18 is also... use vanilla kernels with grsec!
> Now I know. Seems reading bugtraq and the Debian security announce isn't enough. Or I started too late. Or I read too fast. :(
Grsec is not a miracle, it just stops many common exploiting schemes or makes them impossible to work, and it's very useful. I think the 2.4 kernel line is better, if you don't have to use anything 2.6 specific.
> Karsten
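
The sshd settings raised in this thread (AllowUsers/AllowGroups, key-only authentication, strict mode, privilege separation) can be checked with a short audit script, which also shows that sshd uses the first value it reads for a keyword. This is an added example, not part of the original messages. The sample configurations are constructed, the defaults are assumptions for an OpenSSH release of that period, and ChallengeResponseAuthentication is checked as well because it can still permit password logins through PAM.

```python
# Added example: audit sshd_config text for the settings discussed in the thread.
# DEFAULTS are assumptions for an OpenSSH release of that period.
DEFAULTS = {
    "passwordauthentication": "yes",
    "challengeresponseauthentication": "yes",
    "strictmodes": "yes",
    "useprivilegeseparation": "yes",
}
ACCUMULATE = {"allowusers", "allowgroups"}  # repeated lines add to the list

def effective_global(config_text):
    """Return global keyword -> value; for most keywords the first value wins."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":  # conditional blocks follow; global section ends here
            break
        if key in ACCUMULATE:
            seen.setdefault(key, []).extend(value.split())
        elif key not in seen:  # later duplicates are ignored by sshd
            seen[key] = value.lower()
    return seen

def audit(config_text):
    """Return a list of findings for the global section of an sshd_config."""
    cfg = {**DEFAULTS, **effective_global(config_text)}
    findings = []
    if not cfg.get("allowusers") and not cfg.get("allowgroups"):
        findings.append("no AllowUsers/AllowGroups: any account may attempt login")
    if cfg["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication enabled: logins are not key-only")
    if cfg["challengeresponseauthentication"] != "no":
        findings.append("ChallengeResponseAuthentication enabled: PAM passwords possible")
    if cfg["strictmodes"] != "yes":
        findings.append("StrictModes off: file permissions are not checked")
    if cfg["useprivilegeseparation"] == "no":
        findings.append("UsePrivilegeSeparation off")
    return findings

# Constructed samples. In WEAK the later 'PasswordAuthentication no' has no effect.
WEAK = "Port 22\nPasswordAuthentication yes\nStrictModes no\nPasswordAuthentication no\n"
HARDENED = ("AllowUsers alice bob\nPasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\nStrictModes yes\n"
            "UsePrivilegeSeparation yes\n")

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(text) or "no findings")
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; later OpenSSH releases deprecated UsePrivilegeSeparation and always separate privileges.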