[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] SuSE 8.1 hacked?



Manuel Balderrábano wrote:
I guess my mistake was not having all patches aplied, but my serious doubt is: I had a 2.4.23 kernel, so how could the intruder become root after the breakthrough? It is supposed to be the last 2.4 kernel avaliable, could have he used another exploit?

Just because you were running a recent kernel doesn't mean patches for
exposed services (apache, mysql, etc) aren't necessary. I would be
cautious about transferring any binaries from the old server to the
new installation and you might want to reset all old user passwords.
It would probably be a good idea to use a package like aide or tripwire
regularly and send all critical logs to an external box which alerts
you (via email, pager, whatever) of any weird events.


--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here