[lug] Possible compromise?

Sean Reifschneider jafo at tummy.com
Sat Jan 18 18:46:20 MST 2003

On Sat, Jan 18, 2003 at 05:36:37PM -0700, Rob Nagler wrote:
>turning off PermitRootLogin for sshd had the right effect.  You can't
>login via ssh as root (or anybody else now).
>I couldn't find any security releases which matched this signature.

You couldn't find any accounts of people having modified SSHs installed?
You must not have looked very hard.  ;-)

If you installed SSH via an RPM, you should check "rpm -V ssh-server"
and see if it complains that binaries have been modified.  If you
installed via dpkg, there is something similar I believe.  If you
installed from source, check backups.

 The "PEANUTS" gang finds their first root-kit in "YOU'RE AN 3L33T H4CK3R
Sean Reifschneider, Inimitably Superfluous <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995.  Qmail, Python, SysAdmin

More information about the LUG mailing list