***Rootkit Exploit Caught in 10.2*** WARNING
I am aware of the "sticky" in Security about ssh. I just thought that more people would see the post if it were placed here.
I have just noticed this post on another forum. http://www.suseforums.net/index.php?showtopic=31358 There is probably no need to panic but just make sure that the usual good housekeeping is performed with strong passwords, active firewalls etc. In addition do ensure that a rootkit hunter such as rkhunter is installed. It comes with the 10.2 OS but it is not enabled. For those using another OS or who require further information please visit: www.rootkit.nl |
I would add the following as things to do on the ssh server:
- Make sure only Protocol 2 is allowed - Disable root login - Strongly consider using public key authentication and disabling username/password authentication. - Use a file monitoring program like Aide, Samhain or Tripwire |
All times are GMT -5. The time now is 06:27 AM. |