Mailinglist Archive: opensuse (714 mails)

< Previous Next >
Re: [opensuse] Can I ask something...?
On 10/28/2011 6:01 PM, Brian K. White wrote:
On 10/28/2011 12:50 PM, Togan Muftuoglu wrote:
On 10/28/2011 06:42 PM, Linux Tyro wrote:
On Fri, Oct 28, 2011 at 9:09 PM, Robert Schweikert<rjschwei@xxxxxxxx>
wrote:

ok. Well, I just wanted to ask if the new release period could be
increased (just a suggestion) from 8 months to something like a year,
so that we (not from technical side) can all have a good grasp at the
OS/distro, can know something about it before any new thing come into
picture... However, it's just a question of 'if' this is a possibility
or not...!

Upgrade is not obligatory, I am running versions back to 11.1 on a daily
basis and some of the are web and mail servers. So you do not have to
update to the new version every 8 months or so

life is endless possibilities and then there is the freedom of choosing

Togan


Then again I just spent a few days fighting with some hackers script
that somehow manages to get _ROOT ACCESS_ to a few of my opensuse 11.2
machines, du apparently to a weakness in openssh.

I had done everything but shut off sshd entirely, sinec i need it
myself, but I had disallowed root access, I had deleted all ssh keys and
changed the password, and still they got in. Lucky for me it was just a
script that only wanted to do one thing, execute perl and suck down a
perl script to generate spam. It was running perl, as root, it could
have done _anything_.

I captured forensic data by replacing the perl binary with a shell
script

I'm sorry I just realized I kind of skipped a little background there, I did know from info in /proc that the hacker process was running perl, and that it was launched from a shell that was provided by sshd. Further investigation and eventual solution confirmed that multiple ways.

--
bkw
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >