From: kron
Date: Tue, 07 Feb 2012 13:38:59 +0100
To: freebsd-questions@freebsd.org
Message-ID: <4F311B63.20408@gmail.com>
Subject: Re: on hammer's, security, and centrifuges...

On 2012/02/07 13:03, Henry Olyer wrote:
> So I was coding along...
>
> On my laptop, on session #1, and I get a notice that someone did an su.
> Except I'm the only user and I didn't have an ethernet cord connected.
> (And no, it wasn't me...)
>
> I just built this laptop a few days ago. Fresh. I did have to get on the
> net to download/make/install a few critical packages. I do development.
> And research.
>
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages. Some, (for example Maxima,) take hours. And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.
...

signed packages etc are valid and desirable features
but i consider them as the next step after basic work
which is on you

i would start with the following:
- was the "su" really a sign of breach? i mean not some
  maintenance batch of yours in background/cron/...
- if yes what about weak ssh passwords? you may consider
  pki-based authentication then

anyway, once compromised, you should rebuild tainted
systems from scratch, sorry :-(

wrt signed packages i think there's some support in pkgng
but no personal experience yet

BR,
Oli