On Mon, 2004-11-08 at 06:41 +1100, O Plameras wrote:
> 1. Would SELinux have prevented or minimized damage to Debian site?
> For example, it should have taken the break-in longer from the time the
> attempt was first tried to the time it succeeded. And so, SysAdmin would
> have a longer window to realise there have been attempts on the servers?
> It should have confined the first break-in to within a limited set of
> functionalities?

I am unsure how this would have prevented the attack on the kernel that was applied? Please explain.

> 2. Would 'kerberos' have prevented this sort of break-in?

The initial attack was by social engineering. One developer's key was compromised due to their lack of security thought. With one weak link in the chain then it all comes down. I am not sure under this circumstance how better encryption would have helped.

--
Ken Foskey
