Re: How efficient is mounting /usr ro?

2003-11-25 Thread Chema
On Thu, 09 Oct 2003 10:34:12 +0200 Tarjei Huse <[EMAIL PROTECTED]> wrote: TH> Hi, TH> The Securing Debian manual suggests one should set the /usr partition TH> to ro and use remount when you install new programs. TH> I was just wondering how much security one gains with this. Wouldn't TH> most hac

Re: How efficient is mounting /usr ro?

2003-11-25 Thread Russell Coker
On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]> wrote: > Making /usr read-only is not for that kind of security. It will keep your > data safe from corruption (soft one, anyway: a disk crash will take > anything with it ;-). Besides, you can get a better performance formatting > it with ext2,

Uhm, so, what happened...?

2003-11-25 Thread Kjetil Kjernsmo
Hi! It seems that something is up now? Just got a bunch of posts on debian-user, and got myself subscribed here again... The mailing list archives don't seem to be up, and therefore I can't check what you guys discussed before it all went offline. The announcement contained little inform

Re: Debian servers "hacked"?

2003-11-25 Thread David A. Ulevitch
Thomas Sjögren wrote: On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote: That's ATM unknown. It seems, that nobody (except the bad boys) has access to the boxes. But there are ppl on the way to catch local access. That's all I heard. Ok, so there's no manual auditing on servi

Re: Debian servers "hacked"?

2003-11-25 Thread Dariush Pietrzak
> information. To suggest possible problems without knowing the scope and > without reading their write up is premature. Better to ask questions > once they feel like they know the answers. :) Well since delayed woody release was released it surely means that 'they' know the answers. So I

Re: Uhm, so, what happened...?

2003-11-25 Thread Alan James
On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo <[EMAIL PROTECTED]> wrote: >I bet there are a lot of users running around scared, not knowing what >to do really... Any advice for us?? Keep your eye on http://www.wiggy.net/debian/status/ Expect more details to appear there in a day or two.

Re: Debian servers "hacked"?

2003-11-25 Thread Giacomo Mulas
On Tue, 25 Nov 2003, Dariush Pietrzak wrote: > Well since delayed woody release was released it surely means that > 'they' know the answers. So I think this is a perfect time for > post-mortem. It just means that they were able to check the released packages against trusted sources, not th

3.0r2 or hacked packages?

2003-11-25 Thread Lupe Christoph
Hi! Last night my apt-get update ... picked up a number of unexpected packages: The following packages will be upgraded bsdutils console-data debianutils mount nano procmail procps util-linux util-linux-locales zlib1g zlib1g-dev 11 packages upgraded, 0 newly installed, 0 to remove and 0 not

Re: 3.0r2 or hacked packages?

2003-11-25 Thread Santiago Vila
On Sun, 23 Nov 2003, Lupe Christoph wrote: > Last night my apt-get update ... picked up a number of unexpected > packages: > > The following packages will be upgraded > bsdutils console-data debianutils mount nano procmail procps util-linux > util-linux-locales zlib1g zlib1g-dev > 11 packages u

More hacked servers?

2003-11-25 Thread Jim Hubbard
After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. -Jim

Re: More hacked servers?

2003-11-25 Thread Michael Stone
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. We were up

Re: Debian servers "hacked"?

2003-11-25 Thread Thomas Sjögren
On Fri, Nov 21, 2003 at 09:17:33AM -0500, Michael Stone wrote: > Thank you for not starting wild unfounded rumors. If you don't have the > facts it is unproductive to speculate wildly, especially in a pejorative > fashion. No starting rumours or speculating, just asking how the servers got roo

Re: More hacked servers?

2003-11-25 Thread John Goerzen
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: > After the Linux kernel server got hacked a few weeks ago, and now this > successful attack at Debian, my confidence is shaken. I hope we'll see full I'm curious: why would this serve to shake your confidence? -- John

Re: More hacked servers?

2003-11-25 Thread Dale Amon
On Tue, Nov 25, 2003 at 08:21:14AM -0600, John Goerzen wrote: > On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: > > After the Linux kernel server got hacked a few weeks ago, and now this > > successful attack at Debian, my confidence is shaken. I hope we'll see full > > I'm curious:

Re: More hacked servers?

2003-11-25 Thread Marcel Weber
Jim Hubbard wrote: After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. Well wait for the findings of the debian security t

Fwd: Cron apt-get update && apt-get -y upgrade

2003-11-25 Thread Linux
OK, now I got really worried Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab of one of my machines. Now is the question, how do I know if those installed packages are hacked or not ? Some suggestions and help please ? I've removed procmail+nano+xbase-clients+x

Re: chkrootkit and lkm

2003-11-25 Thread Adam D. Barratt
On Tue, 2003-11-25 at 20:18, Johannes Graumann wrote: [...] > I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'... You have 4 process hidden for ps command > > Warning: Possible LKM Trojan installed [...] > I then went ahead and manually checked the output of '

Re: chkrootkit and lkm

2003-11-25 Thread Javier Fernández-Sanguino Peña
On Tue, Nov 25, 2003 at 12:18:35PM -0800, Johannes Graumann wrote: > Hello, > > This is a testing/unstable system. > > I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'... You have 4 process hidden for ps command > > Warning: Possible LKM Trojan installed >

Re: chkrootkit and lkm

2003-11-25 Thread Johannes Graumann
Thanks to everybody who was taking the time to soothe the novice ... ;0) Joh On Tue, 25 Nov 2003 12:18:35 -0800 Johannes Graumann <[EMAIL PROTECTED]> wrote: > Hello, > > This is a testing/unstable system. > > I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'...

Re: chkrootkit and lkm

2003-11-25 Thread Marek Habersack
On Tue, Nov 25, 2003 at 06:42:21PM -0600, Adam Heath scribbled: [snip] > > are however four processes (ksoftirqd_CPU0, kswapd, bdflush, kupdated) > > in existence that show a PID of 0. > > Am I right to assume that this is not the lkm kit, but rather some > > weirdness in PID assignment? > > > > T

chkrootkit and lkm

2003-11-25 Thread Johannes Graumann
Hello, This is a testing/unstable system. I was just running 'chkrootkit' and came across this warning: > Checking `lkm'... You have 4 process hidden for ps command > Warning: Possible LKM Trojan installed I did some reading and made sure the number is not changing (due to running 'chkrootk

Re: Fwd: Cron apt-get update && apt-get -y upgrade

2003-11-25 Thread Marcel Weber
Linux wrote: OK, now I got really worried Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab of one of my machines. Now is the question, how do I know if those installed packages are hacked or not ? Some suggestions and help please ? I think they are not. T

Re: Debian servers "hacked"?

2003-11-25 Thread George Georgalis
On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote: >On Friday 21 November 2003 13:18, Thomas Sjögren wrote: >> On Fri, Nov 21, 2003 at 01:13:35PM +0100, Jan Wagner wrote: >> > http://luonnotar.infodrom.org/~joey/debian-announce.txt >> >> Read that a minute ago, but what happened? > >That's

Re: Fwd: Cron apt-get update && apt-get -y upgrade

2003-11-25 Thread Noah L. Meyerhans
On Sat, Nov 22, 2003 at 11:23:52AM +0100, Linux wrote: > The following looks a lot worse to me... > bsdutils, mount util-linux, console-data, procps, zlib1g, gnupg, > util-linux-locales > > Suggestions + help how I should do that ? See http://slashdot.org/article.pl?sid=03/11/23/1730227&mode=thr

Re: How efficient is mounting /usr ro?

2003-11-25 Thread Russell Coker
On Wed, 26 Nov 2003 07:45, Chema <[EMAIL PROTECTED]> wrote: > RC> Why would you get better performance? If you mount noatime then > RC> there's no writes to a file system that is accessed in a read-only > RC> fashion and there should not be any performance issue. > > Hum, ¿are you talking only abo

Re: More hacked servers?

2003-11-25 Thread Marek Habersack
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard scribbled: > After the Linux kernel server got hacked a few weeks ago, and now this > successful attack at Debian, my confidence is shaken. I hope we'll see full > disclosure about exactly what happened and what's being done to prevent it. Shak

RE: chkrootkit and lkm

2003-11-25 Thread Michael Bordignon
> I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'... You have 4 process hidden for ps command > > Warning: Possible LKM Trojan installed I have the same problem.. I believe it's a bug in chkrootkit Michael

Re: Debian servers "hacked"?

2003-11-25 Thread Johann Koenig
On Saturday November 22 at 02:32am George Georgalis <[EMAIL PROTECTED]> wrote: > So, are these compromised updates or urgent patches? I'm guessing the > former.. More likely part of 3.0r2. I've attached the message from debian-announce. -- -johann koenig Now Playing: Red Hot Chili Peppers - The

Re: chkrootkit and lkm

2003-11-25 Thread Adam Heath
On Tue, 25 Nov 2003, Johannes Graumann wrote: > Hello, > > This is a testing/unstable system. > > I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'... You have 4 process hidden for ps command > > Warning: Possible LKM Trojan installed > > I did some reading and

Re: Debian servers "hacked"?

2003-11-25 Thread Michael Stone
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote: I thought it was odd there were ~50 urgent security updates all in one evening. Those weren't security updates, they were 3.0r2 (aka stable). Check the debian-devel-announce archives. (When they come back on line.) Mike Stone

Re: How efficient is mounting /usr ro?

2003-11-25 Thread Chema
On Tue, 25 Nov 2003 21:14:21 +1100 Russell Coker <[EMAIL PROTECTED]> wrote: RC> On Tue, 25 Nov 2003 19:51, Chema <[EMAIL PROTECTED]> RC> wrote: RC> > Making /usr read-only is not for that kind of security. It will RC> > keep your data safe from corruption (soft one, anyway: a disk RC> > crash wil

Re: Debian servers "hacked"?

2003-11-25 Thread David A. Ulevitch
Thomas Sjögren wrote: On Fri, Nov 21, 2003 at 01:27:09PM +0100, Jan Wagner wrote: That's ATM unknown. It seems, that nobody (except the bad boys) has access to the boxes. But there are ppl on the way to catch local access. That's all I heard. Ok, so there's no manual auditing on services,

More hacked servers?

2003-11-25 Thread Jim Hubbard
After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. -Jim

Re: More hacked servers?

2003-11-25 Thread Michael Stone
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. We were up-fro

Re: More hacked servers?

2003-11-25 Thread John Goerzen
On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: > After the Linux kernel server got hacked a few weeks ago, and now this > successful attack at Debian, my confidence is shaken. I hope we'll see full I'm curious: why would this serve to shake your confidence? -- John

Re: More hacked servers?

2003-11-25 Thread Marcel Weber
Jim Hubbard wrote: After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what happened and what's being done to prevent it. Well wait for the findings of the debian security team.

Re: Debian servers "hacked"?

2003-11-25 Thread Lukas Ruf
> Thomas Sjögren <[EMAIL PROTECTED]> [2003-11-21 16:43]: > > On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote: > > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote: > > > Anyone to shed some light over this? > > > > There has been an ann

Re: Debian servers "hacked"?

2003-11-25 Thread Ricardo Kustner
On Friday 21 November 2003 15:14, Thomas Sjögren wrote: > On Fri, Nov 21, 2003 at 02:17:52PM +0200, Johann Spies wrote: > > On Fri, Nov 21, 2003 at 12:38:50PM +0100, Thomas Sjögren wrote: > > > Anyone to shed some light over this > > There has been an announcement on the Debian-announce-list a few

Re: Debian servers "hacked"?

2003-11-25 Thread Michael Stone
On Sat, Nov 22, 2003 at 02:32:45AM -0500, George Georgalis wrote: I thought it was odd there were ~50 urgent security updates all in one evening. Those weren't security updates, they were 3.0r2 (aka stable). Check the debian-devel-announce archives. (When they come back on line.) Mike Stone

RE: chkrootkit and lkm

2003-11-25 Thread Michael Bordignon
> I was just running 'chkrootkit' and came across this warning: > > > Checking `lkm'... You have 4 process hidden for ps command > > Warning: Possible LKM Trojan installed I have the same problem.. I believe it's a bug in chkrootkit Michael

Re: Fwd: Cron apt-get update && apt-get -y upgrade

2003-11-25 Thread Marcel Weber
Linux wrote: OK, now I got really worried Because I'm a bit lazy I've put the apt-get update & upgrade into the crontab of one of my machines. Now is the question, how do I know if those installed packages are hacked or not ? Some suggestions and help please ? I think they are not. They ar
