| From | Sent On | Attachments |
|---|---|---|
| Henry Olyer | Feb 7, 2012 4:03 am | |
| Damien Fleuriot | Feb 7, 2012 4:11 am | |
| kron | Feb 7, 2012 4:38 am | |
| Frank Shute | Feb 7, 2012 5:28 am | |
| Steve Bertrand | Feb 7, 2012 5:28 am | |
| Damien Fleuriot | Feb 7, 2012 6:21 am | |
| Roland Smith | Feb 7, 2012 1:46 pm | |

| Subject: | Re: on hammer's, security, and centrifuges... | |
|---|---|---|
| From: | Damien Fleuriot (ml...@my.gd) | |
| Date: | Feb 7, 2012 4:11:17 am | |
| List: | org.freebsd.freebsd-questions | |

On 2/7/12 1:03 PM, Henry Olyer wrote:

> So I was coding along...
>
> On my laptop, on session #1, and I get a notice that someone did an su. Except I'm the only user and I didn't have an ethernet cord connected. (And no, it wasn't me...)
>
> I just built this laptop a few days ago. Fresh. I did have to get on the net to download/make/install a few critical packages. I do development. And research.
>
> My guess, not one shred of evidence, is that someone got in while I was re-building packages. Some, (for example Maxima,) take hours. And because of problems with gnuplot and pdflib, won't build as packages without re-compilation.

And how would they have done that:

- weak root password or something?
- did you allow rootlogin at all through SSH?

I work with dozens of FreeBSD boxes at work, all of which are under heavy load and present juicy targets for attackers.
We've not had a single breach in security since I started.
You're looking for means of increasing security, it seems to me, once an attacker already has the root. I would suggest preventing said attacker from obtaining the root in the first place.
Perhaps one of the packages you downloaded was backdoored?

_______________________________________________
free...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "free...@freebsd.org"





