On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse [EMAIL PROTECTED] wrote:
TH Hi,
TH The Securing Debian manual suggest one should set the /usr partition
TH to ro and use remount when you install new programs.
TH I was just wondering how much security one gains with this. Wouldn't
TH most hackers
On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED] wrote:
Making /usr read-only is not for that kind of security. It will keep your
data safe from corruption (soft one, anyway: a disk crash will take
anything with it ;-). Besides, you can get a better performance formating
it with ext2,
Hi!
It seems that something is up now? Just got a bunch of posts on
debian-user, and got myself subscribed here again...
The mailing list archives doesn't seem to be up, and therefore I can't
check what you guys discussed before it all went offline.
The announcement contained little
Thomas Sjögren wrote:
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
Thats ATM unknown. It seems, that nobody (except the bad boys) has access to
the boxes. But there are ppl on the way to catch local access. Thats all I
heared.
Ok, so there's no manual auditing on
On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo [EMAIL PROTECTED]
wrote:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Keep your eye on http://www.wiggy.net/debian/status/
Expect more details to appear there in a day or two.
On Tue, 25 Nov 2003, Dariush Pietrzak wrote:
Well since delayed woody release was released it surely means that
'they' know the answers. So I think this is a perfect time for
post-mortem.
It just means that they were able to check the released packages against
trusted sources, not that
Hi!
Last night my apt-get update ... oicked up a number of unexpected
packages:
The following packages will be upgraded
bsdutils console-data debianutils mount nano procmail procps util-linux
util-linux-locales zlib1g zlib1g-dev
11 packages upgraded, 0 newly installed, 0 to remove and 0 not
On Sun, 23 Nov 2003, Lupe Christoph wrote:
Last night my apt-get update ... oicked up a number of unexpected
packages:
The following packages will be upgraded
bsdutils console-data debianutils mount nano procmail procps util-linux
util-linux-locales zlib1g zlib1g-dev
11 packages
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
-Jim
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
We were
On Fri, Nov 21, 2003 at 09:17:33AM -0500, Michael Stone wrote:
Thank you for not starting wild unfounded rumors. If you don't have the
facts it is unproductive to speculate wildly, especially in a pejorative
fashion.
No starting rumours or specualting, just asking how the servers got got
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why would this serve to shake your confidence?
-- John
--
To
Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
Well wait for the findings of the debian security
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I've removed
-BEGIN PGP SIGNED MESSAGE-
Thomas Sj?gren [EMAIL PROTECTED] [2003-11-21 16:43]:
On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjgren wrote:
Anyone to shed some light over this?
There has been an announcement on
On Friday 21 November 2003 15:14, Thomas Sjögren wrote:
On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
Anyone to shed some light over this
There has been an announcement on the Debian-announce-list a few
On Sat, Nov 22, 2003 at 11:23:52AM +0100, Linux wrote:
The following looks a lot worse to me...
bsdutils, mount util-linux, console-data, procps, zlib1g, gnupg,
util-linux-locales
Suggestions + help how I should do that ?
See
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
On Friday 21 November 2003 13:18, Thomas Sj?gren wrote:
On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
http://luonnotar.infodrom.org/~joey/debian-announce.txt
Read that a minute ago, but what happended?
Thats ATM
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard scribbled:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running
On Tue, 25 Nov 2003 21:14:21 +1100
Russell Coker [EMAIL PROTECTED] wrote:
RC On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED]
RC wrote:
RC Making /usr read-only is not for that kind of security. It will
RC keep your data safe from corruption (soft one, anyway: a disk
RC crash will take
On Saturday November 22 at 02:32am
George Georgalis [EMAIL PROTECTED] wrote:
So, are these compromised updates or urgent patches? I'm guessing the
former..
More likely part of 3.0r2. I've attached the message from
debian-announce.
--
-johann koenig
Now Playing: Red Hot Chili Peppers - The
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote:
I thought it was odd there where ~50 urgent security updates all in one
evening.
Those weren't security updates, they were 3.0r2 (aka stable). Check
the debian-devel-announce archives. (When they come back on line.)
Mike Stone
--
Linux wrote:
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I think they are not. They
On Wed, 26 Nov 2003 07:45, Chema [EMAIL PROTECTED] wrote:
RC Why would you get better performance? If you mount noatime then
RC there's no writes to a file system that is accessed in a read-only
RC fashion and there should not be any performance issue.
Hum, ¿are you talking only about ext3?
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann [EMAIL PROTECTED] wrote:
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
in existence that show a PID of 0.
Am I right to assume that this is not the lkm kit, but rather some
weiredness in PID assignment?
The same PID
On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse [EMAIL PROTECTED] wrote:
TH Hi,
TH The Securing Debian manual suggest one should set the /usr partition
TH to ro and use remount when you install new programs.
TH I was just wondering how much security one gains with this. Wouldn't
TH most hackers
On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED] wrote:
Making /usr read-only is not for that kind of security. It will keep your
data safe from corruption (soft one, anyway: a disk crash will take
anything with it ;-). Besides, you can get a better performance formating
it with ext2,
Hi!
It seems that something is up now? Just got a bunch of posts on
debian-user, and got myself subscribed here again...
The mailing list archives doesn't seem to be up, and therefore I can't
check what you guys discussed before it all went offline.
The announcement contained little
Thomas Sjögren wrote:
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
Thats ATM unknown. It seems, that nobody (except the bad boys) has access to
the boxes. But there are ppl on the way to catch local access. Thats all I
heared.
Ok, so there's no manual auditing on
information. To suggest possible problems without knowing the scope and
without reading their write up is premature. Better to ask questions
once they feel like they know the answers. :)
Well since delayed woody release was released it surely means that
'they' know the answers. So I
On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo [EMAIL PROTECTED]
wrote:
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Keep your eye on http://www.wiggy.net/debian/status/
Expect more details to appear there in a day or two.
On Sun, 23 Nov 2003, Lupe Christoph wrote:
Last night my apt-get update ... oicked up a number of unexpected
packages:
The following packages will be upgraded
bsdutils console-data debianutils mount nano procmail procps util-linux
util-linux-locales zlib1g zlib1g-dev
11 packages
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
-Jim
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
We were
On Fri, Nov 21, 2003 at 09:17:33AM -0500, Michael Stone wrote:
Thank you for not starting wild unfounded rumors. If you don't have the
facts it is unproductive to speculate wildly, especially in a pejorative
fashion.
No starting rumours or specualting, just asking how the servers got got
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why would this serve to shake your confidence?
-- John
On Tue, Nov 25, 2003 at 08:21:14AM -0600, John Goerzen wrote:
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why
Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
Well wait for the findings of the debian security
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I've removed
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
[...]
I then went ahead and manually checked the output of 'ls -a
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
(...)
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann [EMAIL PROTECTED] wrote:
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
in existence that show a PID of 0.
Am I right to assume that this is not the lkm kit, but rather some
weiredness in PID assignment?
The same PID
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running
Linux wrote:
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I think they are not.
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
On Friday 21 November 2003 13:18, Thomas Sj?gren wrote:
On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
http://luonnotar.infodrom.org/~joey/debian-announce.txt
Read that a minute ago, but what happended?
Thats ATM
On Sat, Nov 22, 2003 at 11:23:52AM +0100, Linux wrote:
The following looks a lot worse to me...
bsdutils, mount util-linux, console-data, procps, zlib1g, gnupg,
util-linux-locales
Suggestions + help how I should do that ?
See
On Wed, 26 Nov 2003 07:45, Chema [EMAIL PROTECTED] wrote:
RC Why would you get better performance? If you mount noatime then
RC there's no writes to a file system that is accessed in a read-only
RC fashion and there should not be any performance issue.
Hum, ¿are you talking only about ext3?
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard scribbled:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
On Saturday November 22 at 02:32am
George Georgalis [EMAIL PROTECTED] wrote:
So, are these compromised updates or urgent patches? I'm guessing the
former..
More likely part of 3.0r2. I've attached the message from
debian-announce.
--
-johann koenig
Now Playing: Red Hot Chili Peppers - The
On Tue, 25 Nov 2003, Johannes Graumann wrote:
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
I did some reading and made sure
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote:
I thought it was odd there where ~50 urgent security updates all in one
evening.
Those weren't security updates, they were 3.0r2 (aka stable). Check
the debian-devel-announce archives. (When they come back on line.)
Mike Stone
On Tue, 25 Nov 2003 21:14:21 +1100
Russell Coker [EMAIL PROTECTED] wrote:
RC On Tue, 25 Nov 2003 19:51, Chema [EMAIL PROTECTED]
RC wrote:
RC Making /usr read-only is not for that kind of security. It will
RC keep your data safe from corruption (soft one, anyway: a disk
RC crash will take
56 matches
Mail list logo