Hi, I have been experiencing something weird lately. I am setting up a couple of kerberos/ldap authentification servers with a woody "enhanced". By enhanced, I mean that I use several testing packages like syslog-ng, slapd or openssl. I also use a custom 2.6.1 kernel.
Now the problem is that, since these servers are experimental, I often reboot them but this time, no access at all on the network.. After a short investigation (5 sec :-P), i realise that no network is available because the nic module is not loaded, which is in turn due to the file /etc/modules being erased. Even if I am still testing this setup, the network was working untouch for weeks, and I have not touch this file at all on any of these computers. For the same reason, I have not maid any md5sums of the binaries as tampering-detection test. This is most certainly a bug in a package I upgraded (related to the fact that 2.6.0 kernels should not need this file but /etc/modprobe.conf??? or at least that is what I read without being able to actually use this ). But just in case, is there anyone experiencing the same kind of issue? Now, why do I post that on a security ML? I think that this kind of thing has a serious security implication. If one upgrades a package and then reboot 6 mounths later, He is fucked without knowing why. I am also not sure at 100% that it is a package bug but maybe a vile tampering. So has there been anyone experiencing that? And even if this server will be reinstalled from scratch before reaching production, should I do something now? thanks for your advices jacques
