On 2012/02/07 13:03, Henry Olyer wrote:
So I was coding along...

On my laptop, on session #1, and I get a notice that someone did an su.
  Except I'm the only user and I didn't have an ethernet cord connected.
  (And no, it wasn't me...)

I just built this laptop a few days ago.  Fresh.  I did have to get on the
net to download/make/install a few critical packages.  I do development.
  And research.

My guess, not one shred of evidence, is that someone got in while I was
re-building packages.  Some, (for example Maxima,) take hours.  And because
of problems with gnuplot and pdflib, won't build as packages without
re-compilation.
...

signed packages etc are valid and desirable features but
i consider them as the next step after basic work which is
on you

i would start with the following:

- was the "su" really a sign of a breach? i mean not some
  maintenance batch of yours in background/cron/...

- if yes what about weak ssh passwords? you may consider
  pki-based authentication then

anyway, once compromised, you should rebuild tainted
systems from scratch, sorry :-(

wrt signed packages i think there's some support in pkgng
but no personal experience yet

BR,
Oli

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
