>> The unattended-upgrades package is useful here so things like this are
>> applied automatically (see "aptitude show unattended-upgrades").
>
> Unattended upgrades on servers you care about? Doesn't seem wise to
> me. But better than no upgrades, I grant you.
>
> apti-cron or similar for notifyin
On Wed, January 26, 2011 16:21, Andy Smith wrote:
> apt-cron or similar for notifying you of available updates.
+1! :-)
--
Regards,
Jan Henkins
--
Please post to: Hampshire@mailman.lug.org.uk
Web Interface: https://mailman.lug.org.uk/mailman/listinfo/hampshire
LUG URL: http://www.hantslug.or
Hello,
On Wed, Jan 26, 2011 at 04:12:50PM +, Imran Chaudhry wrote:
> exim4 (4.69-9+lenny1) stable-security; urgency=high
>
> * Non-maintainer upload by the Security Team.
> * Fix SMTP file descriptors being leaked to processes invoked with ${run...}
> * Fix memory corruption issue in st
> Hello,
>
> On Wed, Jan 26, 2011 at 09:34:36AM +, Hugo Mills wrote:
>> It needn't be a single root-gaining attack: it could be a
>> combination of a remote non-root attack (e.g. on apache) and a local
>> root escalation.
>
> If this is a Debian install then the recent Exim exploit is a good
On Wed, 26 Jan 2011, Andy Smith wrote:
If this is a Debian install then the recent Exim exploit is a good
candidate. I've had quite a few people caught by that and expect to
find more who still haven't realised they've been compromised yet.
:(
Cheers Andy.
Yes it's a Debian Lenny system.
Ex
Hello,
On Wed, Jan 26, 2011 at 09:34:36AM +, Hugo Mills wrote:
>It needn't be a single root-gaining attack: it could be a
> combination of a remote non-root attack (e.g. on apache) and a local
> root escalation.
If this is a Debian install then the recent Exim exploit is a good
candidate.
On 26 January 2011 00:44, Andy Random wrote:
>
> Thanks guys,
>
> It does indeed look like the server has be compromised :(
>
> I agree with Adam that it seems pretty odd that they would mess with the
> permissions on ssh so only root can use it, without that it would have taken
> me longer to not
On Tue, Jan 25, 2011 at 07:44:31PM -0500, Andy Random wrote:
> It does indeed look like the server has be compromised :(
>
> I agree with Adam that it seems pretty odd that they would mess with
> the permissions on ssh so only root can use it, without that it
> would have taken me longer to notice
> Jan 10 14:04:46 weylandyutani sshd[15443]: Server listening on :: port
> 443.
The compromise is prior to this. 443 is the port usually used for https,
so this looks like an obfuscation technique to allow traffic to flow
unnoticed. It will also tend to get around tarpits.
> Jan 10 14:20:10 weyl
Thanks guys,
It does indeed look like the server has be compromised :(
I agree with Adam that it seems pretty odd that they would mess with the
permissions on ssh so only root can use it, without that it would have
taken me longer to notice the problem...
The "immutable" flag is set on ssh
Hi,
> > Any ideas what is going on?
>
>The file's been modified recently, and the binary is a lot larger
> than it is on my system here(*). I'd hazard a guess you've been
> cracked. Check for rootkits and unexpected processes or net
> connections.
Seems a bit stupid blocking SSH if you have
On Tue, Jan 25 at 08:30, Andy Random wrote:
...
> $ ls -ltr /usr/bin/ssh
> -rwx-- 1 root root 650556 Jan 10 13:54 /usr/bin/ssh
>
> so I tried this:
>
> # chmod 755 /usr/bin/ssh
> chmod: changing permissions of `/usr/bin/ssh': Operation not permitted
It's possible the "immutable" flag has b
On 25/01/11 13:38, Hugo Mills wrote:
On Tue, Jan 25, 2011 at 08:30:43AM -0500, Andy Random wrote:
I'm not sure when this happened but I've just tried to ssh out from
a machine and got the following:
$ ssh
-bash: /usr/bin/ssh: Permission denied
a quick check reveals:
$ ls -ltr /usr/bin/ssh
-rw
On Tue, Jan 25, 2011 at 08:30:43AM -0500, Andy Random wrote:
> I'm not sure when this happened but I've just tried to ssh out from
> a machine and got the following:
>
> $ ssh
> -bash: /usr/bin/ssh: Permission denied
>
> a quick check reveals:
>
> $ ls -ltr /usr/bin/ssh
> -rwx-- 1 root root
Hi,
I'm not sure when this happened but I've just tried to ssh out from a
machine and got the following:
$ ssh
-bash: /usr/bin/ssh: Permission denied
a quick check reveals:
$ ls -ltr /usr/bin/ssh
-rwx-- 1 root root 650556 Jan 10 13:54 /usr/bin/ssh
so I tried this:
# chmod 755 /usr/bi
15 matches
Mail list logo