on hammer's, security, and centrifuges...
kron
kron24 at gmail.com
Tue Feb 7 13:10:21 UTC 2012
On 2012/02/07 13:03, Henry Olyer wrote:
> So I was coding along...
>
> On my laptop, on session #1, and I get a notice that someone did an su.
> Except I'm the only user and I didn't have an ethernet cord connected.
> (And no, it wasn't me...)
>
> I just built this laptop a few days ago. Fresh. I did have to get on the
> net to download/make/install a few critical packages. I do development.
> And research.
>
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages. Some, (for example Maxima,) take hours. And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.
...
signed packages etc are valid and desirable features but
i consider them as the next step after basic work which is
on you
i would start with the following:
- was the "su" really a sign o breach? i mean not some
your maintenance batch in background/cron/...
- if yes what about weak ssh passwords? you may consider
pki-based authentication then
anyway, once compromised, you should rebuild tainted
systems from scratch, sorry :-(
wrt signed packaged i think there's some support in pkgng
but no personal experience yet
BR,
Oli
More information about the freebsd-questions
mailing list