[plug] [joey at infodrom.org: Some Debian Project machines have been compromised]

Chris Caston caston at arach.net.au
Fri Nov 21 23:02:33 WST 2003 

I seem to have famd running while apparently keeps track of when there
are changes in the file system. It has worrying options in /etc/fam.conf
like:

insecure_compatibility = false
local_only = false
untrusted_user = nobody

I have no idea where else this could have come from.

Perhaps I'm just getting paranoid. Any ideas?

On Fri, 2003-11-21 at 21:25, Chris Caston wrote:
> btw what's port 982?
> 
> nmap run compled:
> *Snip*
> 982/tcp open unknown
> *snip*
> 
> On Fri, 2003-11-21 at 21:19, Chris Caston wrote:
> > No wonder it was down!
> > !?!?
> > So what all are boxes are owned now?
> > 
> > So why aren't the updates signed?
> > 
> > regards,
> > 
> > Chris
> > 
> > On Fri, 2003-11-21 at 20:31, Trent Lloyd wrote:
> > > ----- Forwarded message from Martin Schulze <joey at infodrom.org> -----
> > > 
> > > Delivered-To: trent at ucc.gu.uwa.edu.au
> > > Old-Return-Path: <joey at infodrom.org>
> > > Date: Fri, 21 Nov 2003 11:46:19 +0100
> > > From: Martin Schulze <joey at infodrom.org>
> > > To: Debian Announcements <debian-announce at lists.debian.org>
> > > Subject: Some Debian Project machines have been compromised
> > > User-Agent: Mutt/1.5.4i
> > > Resent-Message-ID: <M6ofX.A.GeE.nHfv_ at murphy>
> > > Resent-From: debian-announce at lists.debian.org
> > > X-Mailing-List: <debian-announce at lists.debian.org> archive/latest/81
> > > X-Loop: debian-announce at lists.debian.org
> > > List-Id: <debian-announce.lists.debian.org>
> > > List-Post: <mailto:debian-announce at lists.debian.org>
> > > List-Help: <mailto:debian-announce-request at lists.debian.org?subject=help>
> > > List-Subscribe: <mailto:debian-announce-request at lists.debian.org?subject=subscribe>
> > > List-Unsubscribe: <mailto:debian-announce-request at lists.debian.org?subject=unsubscribe>
> > > List-Archive: <http://lists.debian.org/debian-announce/>
> > > Precedence: list
> > > Resent-Sender: debian-announce-request at lists.debian.org
> > > Resent-Date: Fri, 21 Nov 2003 05:07:19 -0600 (CST)
> > > X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
> > > 	mooneye.ucc.gu.uwa.edu.au
> > > X-Spam-Level: 
> > > X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00 autolearn=no 
> > > 	version=2.60
> > > 
> > > ------------------------------------------------------------------------
> > > The Debian Project                                http://www.debian.org/
> > > Some Debian Project machines compromised                press at debian.org
> > > November 21st, 2003
> > > ------------------------------------------------------------------------
> > > 
> > > Some Debian Project machines have been compromised
> > > 
> > > This is a very unfortunate incident to report about.  Some Debian
> > > servers were found to have been compromised in the last 24 hours.
> > > 
> > > The archive is not affected by this compromise!
> > > 
> > > In particular the following machines have been affected:
> > > 
> > >   . master (Bug Tracking System)
> > >   . murphy (mailing lists)
> > >   . gluck (web, cvs)
> > >   . klecker (security, non-us, web search, www-master)
> > > 
> > > Some of these services are currently not available as the machines
> > > undergo close inspection.  Some services have been moved to other
> > > machines (www.debian.org for example).
> > > 
> > > The security archive will be verified from trusted sources before it
> > > will become available again.
> > > 
> > > Please note that we have recently prepared a new point release for
> > > Debian GNU/Linux 3.0 (woody), release 3.0r2.  While it has not been
> > > announced yet, it has been pushed to our mirrors already.  The
> > > announcement was scheduled for this morning but had to be postponed.
> > > This update has now been checked and it is not affected by the
> > > compromise.
> > > 
> > > We apologise for the disruptions of some services over the next few
> > > days.  We are working on restoring the services and verifying the
> > > content of our archives.
> > > 
> > > 
> > > Contact Information
> > > -------------------
> > > 
> > > For further information, please visit the Debian web pages at
> > > <http://www.debian.org/> or contact <press at debian.org>.
> > > 
> > 
> > _______________________________________________
> > plug mailing list
> > plug at plug.linux.org.au
> > http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> > 
> 
> _______________________________________________
> plug mailing list
> plug at plug.linux.org.au
> http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug
> 

_______________________________________________
plug mailing list
plug at plug.linux.org.au
http://mail.plug.linux.org.au/cgi-bin/mailman/listinfo/plug

More information about the plug mailing list