On 2/7/12 1:03 PM, Henry Olyer wrote:
> So I was coding along...
>
> On my laptop, on session #1, and I get a notice that someone did an su.
> Except I'm the only user and I didn't have an ethernet cord connected.
> (And no, it wasn't me...)
>
> I just built this laptop a few days ago. Fresh. I did have to get on the
> net to download/make/install a few critical packages. I do development.
> And research.
>
> My guess, not one shred of evidence, is that someone got in while I was
> re-building packages. Some, (for example Maxima,) take hours. And because
> of problems with gnuplot and pdflib, won't build as packages without
> re-compilation.
>
And how would they have done that:
- weak root password or something?
- did you allow rootlogin at all through SSH?

I work with dozens of FreeBSD boxes at work, all of which are under heavy load and present juicy targets for attackers. We've not had a single breach in security since I started.

You're looking for means of increasing security, it seems to me, once an attacker already has the root. I would suggest preventing said attacker from obtaining the root in the first place.

Perhaps one of the packages you downloaded was backdoored?