On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weiredness in PID assignment?
> >
> > T
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled:
[snip]
> > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated)
> > in existence that show a PID of 0.
> > Am I right to assume that this is not the lkm kit, but rather some
> > weiredness in PID assignment?
> >
> > T
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'...
Thanks to everybody who was taking the time to sooth the novice ... ;0)
Joh
On Tue, 25 Nov 2003 12:18:35 -0800
Johannes Graumann <[EMAIL PROTECTED]> wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'...
On Wed, 26 Nov 2003 07:45, Chema <[EMAIL PROTECTED]> wrote:
> RC> Why would you get better performance? If you mount noatime then
> RC> there's no writes to a file system that is accessed in a read-only
> RC> fashion and there should not be any performance issue.
>
> Hum, ¿are you talking only abo
On Wed, 26 Nov 2003 07:45, Chema <[EMAIL PROTECTED]> wrote:
> RC> Why would you get better performance? If you mount noatime then
> RC> there's no writes to a file system that is accessed in a read-only
> RC> fashion and there should not be any performance issue.
>
> Hum, ¿are you talking only abo
Linux wrote:
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I think they are not. They ar
Linux wrote:
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I think they are not. T
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
> I did some reading and
On Tue, 25 Nov 2003, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
> I did some reading and
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
I have the same problem.. I believe it's a bug in chkrootkit
Michael
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote:
I thought it was odd there where ~50 urgent security updates all in one
evening.
Those weren't security updates, they were 3.0r2 (aka stable). Check
the debian-devel-announce archives. (When they come back on line.)
Mike Stone
--
To
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahead and manually checked the output of '
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote:
I thought it was odd there where ~50 urgent security updates all in one
evening.
Those weren't security updates, they were 3.0r2 (aka stable). Check
the debian-devel-announce archives. (When they come back on line.)
Mike Stone
On Saturday November 22 at 02:32am
George Georgalis <[EMAIL PROTECTED]> wrote:
> So, are these compromised updates or urgent patches? I'm guessing the
> former..
More likely part of 3.0r2. I've attached the message from
debian-announce.
--
-johann koenig
Now Playing: Red Hot Chili Peppers - The
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote:
[...]
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
[...]
> I then went ahead and manually checked the output of '
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote:
> Hello,
>
> This is a testing/unstable system.
>
> I was just running 'chkrootkit' and came across this warning:
>
> > Checking `lkm'... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
>
On Saturday November 22 at 02:32am
George Georgalis <[EMAIL PROTECTED]> wrote:
> So, are these compromised updates or urgent patches? I'm guessing the
> former..
More likely part of 3.0r2. I've attached the message from
debian-announce.
--
-johann koenig
Now Playing: Red Hot Chili Peppers - The
On Tue, 25 Nov 2003 21:14:21 +1100
Russell Coker <[EMAIL PROTECTED]> wrote:
RC> On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]>
RC> wrote:
RC> > Making /usr read-only is not for that kind of security. It will
RC> > keep your data safe from corruption (soft one, anyway: a disk
RC> > crash wil
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running 'chkrootk
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard scribbled:
> After the Linux kernel server got hacked a few weeks ago, and now this
> successful attack at Debian, my confidence is shaken. I hope we'll see full
> disclosure about exactly what happened and what's being done to prevent it.
Shak
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
>On Friday 21 November 2003 13:18, Thomas Sj?gren wrote:
>> On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
>> > http://luonnotar.infodrom.org/~joey/debian-announce.txt
>>
>> Read that a minute ago, but what happended?
>
>Thats
On Tue, 25 Nov 2003 21:14:21 +1100
Russell Coker <[EMAIL PROTECTED]> wrote:
RC> On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]>
RC> wrote:
RC> > Making /usr read-only is not for that kind of security. It will
RC> > keep your data safe from corruption (soft one, anyway: a disk
RC> > crash wil
Hello,
This is a testing/unstable system.
I was just running 'chkrootkit' and came across this warning:
> Checking `lkm'... You have 4 process hidden for ps command
> Warning: Possible LKM Trojan installed
I did some reading and made sure the number is not changing (due to
running 'chkrootk
On Sat, Nov 22, 2003 at 11:23:52AM +0100, Linux wrote:
> The following looks a lot worse to me...
> bsdutils, mount util-linux, console-data, procps, zlib1g, gnupg,
> util-linux-locales
>
> Suggestions + help how I should do that ?
See
http://slashdot.org/article.pl?sid=03/11/23/1730227&mode=thr
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard scribbled:
> After the Linux kernel server got hacked a few weeks ago, and now this
> successful attack at Debian, my confidence is shaken. I hope we'll see full
> disclosure about exactly what happened and what's being done to prevent it.
Shak
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
>On Friday 21 November 2003 13:18, Thomas Sj?gren wrote:
>> On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote:
>> > http://luonnotar.infodrom.org/~joey/debian-announce.txt
>>
>> Read that a minute ago, but what happended?
>
>Thats
On Friday 21 November 2003 15:14, Thomas Sjögren wrote:
> On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
> > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote:
> > > Anyone to shed some light over this
> > There has been an announcement on the Debian-announce-list a few
On Sat, Nov 22, 2003 at 11:23:52AM +0100, Linux wrote:
> The following looks a lot worse to me...
> bsdutils, mount util-linux, console-data, procps, zlib1g, gnupg,
> util-linux-locales
>
> Suggestions + help how I should do that ?
See
http://slashdot.org/article.pl?sid=03/11/23/1730227&mode=thr
-BEGIN PGP SIGNED MESSAGE-
> Thomas Sj?gren <[EMAIL PROTECTED]> [2003-11-21 16:43]:
>
> On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote:
> > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas SjÃgren wrote:
> > > Anyone to shed some light over this?
> >
> > There has been an ann
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I've removed procmail+nano+xbase-clients+x
OK, now I got really worried
Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab
of one of my machines.
Now is the question, how do I know if those installed packages are hacked or
not ? Some suggestions and help please ?
I've removed procmail+nano+xbase-clients+x
Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
Well wait for the findings of the debian security t
On Tue, Nov 25, 2003 at 08:21:14AM -0600, John Goerzen wrote:
> On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> > After the Linux kernel server got hacked a few weeks ago, and now this
> > successful attack at Debian, my confidence is shaken. I hope we'll see full
>
> I'm curious:
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> After the Linux kernel server got hacked a few weeks ago, and now this
> successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why would this serve to shake your confidence?
-- John
On Fri, Nov 21, 2003 at 09:17:33AM -0500, Michael Stone wrote:
> Thank you for not starting wild unfounded rumors. If you don't have the
> facts it is unproductive to speculate wildly, especially in a pejorative
> fashion.
No starting rumours or specualting, just asking how the servers got got
roo
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
We were up
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
-Jim
Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
Well wait for the findings of the debian security team.
On Tue, Nov 25, 2003 at 08:21:14AM -0600, John Goerzen wrote:
> On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> > After the Linux kernel server got hacked a few weeks ago, and now this
> > successful attack at Debian, my confidence is shaken. I hope we'll see full
>
> I'm curious:
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
> After the Linux kernel server got hacked a few weeks ago, and now this
> successful attack at Debian, my confidence is shaken. I hope we'll see full
I'm curious: why would this serve to shake your confidence?
-- John
--
To UNSUBSC
On Sun, 23 Nov 2003, Lupe Christoph wrote:
> Last night my apt-get update ... oicked up a number of unexpected
> packages:
>
> The following packages will be upgraded
> bsdutils console-data debianutils mount nano procmail procps util-linux
> util-linux-locales zlib1g zlib1g-dev
> 11 packages u
On Fri, Nov 21, 2003 at 09:17:33AM -0500, Michael Stone wrote:
> Thank you for not starting wild unfounded rumors. If you don't have the
> facts it is unproductive to speculate wildly, especially in a pejorative
> fashion.
No starting rumours or specualting, just asking how the servers got got
roo
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote:
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
We were up-fro
Hi!
Last night my apt-get update ... oicked up a number of unexpected
packages:
The following packages will be upgraded
bsdutils console-data debianutils mount nano procmail procps util-linux
util-linux-locales zlib1g zlib1g-dev
11 packages upgraded, 0 newly installed, 0 to remove and 0 not
After the Linux kernel server got hacked a few weeks ago, and now this
successful attack at Debian, my confidence is shaken. I hope we'll see full
disclosure about exactly what happened and what's being done to prevent it.
-Jim
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "
On Tue, 25 Nov 2003, Dariush Pietrzak wrote:
> Well since delayed woody release was released it surely means that
> 'they' know the answers. So I think this is a perfect time for
> post-mortem.
It just means that they were able to check the released packages against
trusted sources, not th
On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo <[EMAIL PROTECTED]>
wrote:
>I bet there are a lot of users running around scared, not knowing what
>to do really... Any advices for us??
Keep your eye on http://www.wiggy.net/debian/status/
Expect more details to appear there in a day or two.
On Sun, 23 Nov 2003, Lupe Christoph wrote:
> Last night my apt-get update ... oicked up a number of unexpected
> packages:
>
> The following packages will be upgraded
> bsdutils console-data debianutils mount nano procmail procps util-linux
> util-linux-locales zlib1g zlib1g-dev
> 11 packages u
Hi!
Last night my apt-get update ... oicked up a number of unexpected
packages:
The following packages will be upgraded
bsdutils console-data debianutils mount nano procmail procps util-linux
util-linux-locales zlib1g zlib1g-dev
11 packages upgraded, 0 newly installed, 0 to remove and 0 not
> information. To suggest possible problems without knowing the scope and
> without reading their write up is premature. Better to ask questions
> once they feel like they know the answers. :)
Well since delayed woody release was released it surely means that
'they' know the answers. So I
Thomas Sjögren wrote:
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
Thats ATM unknown. It seems, that nobody (except the bad boys) has access to
the boxes. But there are ppl on the way to catch local access. Thats all I
heared.
Ok, so there's no manual auditing on servi
On Tue, 25 Nov 2003, Dariush Pietrzak wrote:
> Well since delayed woody release was released it surely means that
> 'they' know the answers. So I think this is a perfect time for
> post-mortem.
It just means that they were able to check the released packages against
trusted sources, not th
On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo <[EMAIL PROTECTED]>
wrote:
>I bet there are a lot of users running around scared, not knowing what
>to do really... Any advices for us??
Keep your eye on http://www.wiggy.net/debian/status/
Expect more details to appear there in a day or two.
Hi!
It seems that something is up now? Just got a bunch of posts on
debian-user, and got myself subscribed here again...
The mailing list archives doesn't seem to be up, and therefore I can't
check what you guys discussed before it all went offline.
The announcement contained little inform
> information. To suggest possible problems without knowing the scope and
> without reading their write up is premature. Better to ask questions
> once they feel like they know the answers. :)
Well since delayed woody release was released it surely means that
'they' know the answers. So I
Thomas Sjögren wrote:
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote:
Thats ATM unknown. It seems, that nobody (except the bad boys) has access to
the boxes. But there are ppl on the way to catch local access. Thats all I
heared.
Ok, so there's no manual auditing on services,
Hi!
It seems that something is up now? Just got a bunch of posts on
debian-user, and got myself subscribed here again...
The mailing list archives doesn't seem to be up, and therefore I can't
check what you guys discussed before it all went offline.
The announcement contained little inform
On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]> wrote:
> Making /usr read-only is not for that kind of security. It will keep your
> data safe from corruption (soft one, anyway: a disk crash will take
> anything with it ;-). Besides, you can get a better performance formating
> it with ext2,
On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]> wrote:
> Making /usr read-only is not for that kind of security. It will keep your
> data safe from corruption (soft one, anyway: a disk crash will take
> anything with it ;-). Besides, you can get a better performance formating
> it with ext2,
On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse <[EMAIL PROTECTED]> wrote:
TH> Hi,
TH> The Securing Debian manual suggest one should set the /usr partition
TH> to ro and use remount when you install new programs.
TH> I was just wondering how much security one gains with this. Wouldn't
TH> most hac
On Thu, 09 Oct 2003 10:34:12 +0200
Tarjei Huse <[EMAIL PROTECTED]> wrote:
TH> Hi,
TH> The Securing Debian manual suggest one should set the /usr partition
TH> to ro and use remount when you install new programs.
TH> I was just wondering how much security one gains with this. Wouldn't
TH> most hac
64 matches
Mail list logo
