Doug wrote: > Jochen Schulz wrote: > >Martin Lorenz: > > > Thanks to all, who helped > > > > > > it definitely was a rootkit. came in by this exim bug: > > > > Just out of curiosity: do you know when the attacker succeeded? The DSA > > was published Dec 10th. Did you have a (theoretical) chance to install > > the patch beofre the attack? > > I wish you would elaborate. What is a DSA, and what is the patch to which > you refer? (DSA: Denial of Service Attack?)
DSA is Debian Security Advisories. Each one is numbered for later reference. You can read about them here. http://www.debian.org/security/ I recommend subscribing to the debian-security-announce mailing list. Then you will get notice of each advisory as it is posted. It is a low volume list for announcements only. > I assume the patch is something that repels rootkit attacks. Is the > patch applicable to all Linux distros? Is it likely to appear in > the repo? Would my distro most likely include it in the usual > upgrades I do every few days? If you haven't already done so you should also make sure that you have the security repository included in your APT sources.list file. deb http://security.debian.org/ lenny/updates main contrib non-free Replace "lenny" in the above with the name of your current release. The exim4 advisory is this one: http://www.debian.org/security/2010/dsa-2131 I install all security upgrades as quickly as possible on all of my machines. Bob
signature.asc
Description: Digital signature