Hi,

> Hello all,
>
> For those that didn't pick this up already, US-CERT reported
> yesterday:
> "US-CERT is aware of active attacks against linux-based computing
> infrastructures using compromised SSH keys. The attack appears to
> initially use stolen SSH keys to gain access to a system, and then
> uses local kernel exploits to gain root access. Once root access
> has been obtained, a rootkit known as "phalanx2" is installed."
> Full text is at
> http://www.us-cert.gov/current/archive/2008/08/26/archive.html#ssh_key_based_attacks

Thanks for this notification.

> We added Phalanx to Rootkit Hunter (RKH) back in 2006, RKH does
> /dev/shm checks for some time now and utilises 'unhide' where
> possible for hidden process checks. Today RKH CVS sees Phalanx2
> added Rootkit files and directories, cd'ing into directories and
> Inode tests. Please see the updated RKH CVS tarball at
> http://rkhunter.sourceforge.net/rkhunter-CVS.tar.gz

Is it possible, being that active attacks are happening, the current CVS snapshot could become a 1.3.3 release? On our production servers (and servers for clients we manage) we have a policy to only install (stable) package releases to sustain the stability of our environments.

Thanks.

Michael.

> Regards, the RKH dev team

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users