[lug] Possible compromise?
jafo at tummy.com
Sat Jan 18 18:46:20 MST 2003
On Sat, Jan 18, 2003 at 05:36:37PM -0700, Rob Nagler wrote:
>turning off PermitRootLogin for sshd had the right effect. You can't
>login via ssh as root (or anybody else now).
>I couldn't find any security releases which matched this signature.
You couldn't find any accounts of people having modified SSHs installed?
You must not have looked very hard. ;-)
If you installed SSH via an RPM, you should check "rpm -V ssh-server"
and see if it complains that binaries have been modified. If you
installed via dpkg, there is something similar I believe. If you
installed from source, check backups.
The "PEANUTS" gang finds their first root-kit in "YOU'RE AN 3L33T H4CK3R
NOW, CHARLIE BROWN".
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995. Qmail, Python, SysAdmin
More information about the LUG