[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE 8.1 hacked?

Manuel Balderrábano wrote:
I guess my mistake was not having all patches aplied, but my serious doubt is: I had a 2.4.23 kernel, so how could the intruder become root after the breakthrough? It is supposed to be the last 2.4 kernel avaliable, could have he used another exploit?

Just because you were running a recent kernel doesn't mean patches for
exposed services (apache, mysql, etc) aren't necessary. I would be
cautious about transferring any binaries from the old server to the
new installation and you might want to reset all old user passwords.
It would probably be a good idea to use a package like aide or tripwire
regularly and send all critical logs to an external box which alerts
you (via email, pager, whatever) of any weird events.

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here