Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 07 Feb 2012 13:11:44 +0100
From:      Damien Fleuriot <ml@my.gd>
To:        freebsd-questions@freebsd.org
Subject:   Re: on hammer's, security, and centrifuges...
Message-ID:  <4F311500.6070609@my.gd>
In-Reply-To: <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com>
References:  <CAE7N2ke-eEg3QqD3OfD_AJ6Yx78wwhOiApwVYsDQXhxU14JgAQ@mail.gmail.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help


On 2/7/12 1:03 PM, Henry Olyer wrote:
> So I was coding along...
> 
> On my laptop, on session #1, and I get a notice that someone did an su.
>  Except I'm the only user and I didn't have an ethernet cord connected.
>  (And no, it wasn't me...)
> 
> I just built this laptop a few days ago.  Fresh.  I did have to get on the
> net to download/make/install a few critical packages.  I do development.
>  And research.
> 
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages.  Some, (for example Maxima,) take hours.  And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.
> 

And how would they have done that:
- weak root password or something ?
- did you allow rootlogin at all through SSH ?

I work with dozens of FreeBSD boxes at work, all of which are under
heavy load and present juicy targets for attackers.

We've not had a single breach in security since I started.


You're looking for means of increasing security, it seems to me, once an
attacker already has the root.
I would suggest preventing said attacker from obtaining the root in the
first place.

Perhaps one of the packages you downloaded was backdoored ?



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?4F311500.6070609>