Date: Tue, 07 Feb 2012 13:38:59 +0100 From: kron <kron24@gmail.com> To: freebsd-questions@freebsd.org Subject: Re: on hammer's, security, and centrifuges... Message-ID: <4F311B63.20408@gmail.com> In-Reply-To: <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com> References: <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2012/02/07 13:03, Henry Olyer wrote: > So I was coding along... > > On my laptop, on session #1, and I get a notice that someone did an su. > Except I'm the only user and I didn't have an ethernet cord connected. > (And no, it wasn't me...) > > I just built this laptop a few days ago. Fresh. I did have to get on the > net to download/make/install a few critical packages. I do development. > And research. > > My guess, not one shred of evidence, is that someone got in while I was > re-building packages. Some, (for example Maxima,) take hours. And because > of problems with gnuplot and pdflib, won't build as packages without > re-compilation. ... signed packages etc are valid and desirable features but i consider them as the next step after basic work which is on you i would start with the following: - was the "su" really a sign o breach? i mean not some your maintenance batch in background/cron/... - if yes what about weak ssh passwords? you may consider pki-based authentication then anyway, once compromised, you should rebuild tainted systems from scratch, sorry :-( wrt signed packaged i think there's some support in pkgng but no personal experience yet BR, Oli
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F311B63.20408>