Linux under "active attack"

August 27, 2008

The US Computer Emergency Readiness Team (US-CERT) is warning that Linux-based systems are under “active attack” using compromised SSH keys. The attack appears to use stolen SSH keys to gain initial access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as “phalanx2” is installed.

Phalanx2 appears to be a derivative of an older rootkit and is likely to be based on the Debian random number generator flaw that appeared earlier this year.

To reduce the risks, US-CERT suggests administrators:

– Proactively identify and examine systems where SSH keys are used as part of automated processes. These keys will typically not have passphrases or passwords.
– Encourage users to use keys with passphrases or passwords to reduce the risk if a key is compromised.
– Review access paths to Internet-facing systems and ensure that systems are fully patched.

For systems already compromised by this, US-CERT recommends that administrators:
– Disable key-based SSH authentication on the affected systems, where possible.
– Perform an audit of all SSH keys on the affected systems.
– Notify all key owners of the potential compromise of their keys.
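
One way to carry out the passphrase check and the key audit recommended above, as an added example that is not part of the US-CERT advisory or the original article: it walks a directory tree and reports each private key file as encrypted or unencrypted by reading only the key file's own headers. It goes beyond the legacy PEM keys in use at the time and also handles PKCS#8 and the current OpenSSH key format; the function names `key_protection` and `audit` are hypothetical.

```python
import base64, os, struct, sys

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def key_protection(text):
    """Return 'encrypted', 'unencrypted' or 'not-a-private-key' for a key file's text."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN ")
                              and lines[0].endswith("PRIVATE KEY-----")):
        return "not-a-private-key"
    label = lines[0][len("-----BEGIN "):-len("-----")]
    if label == "ENCRYPTED PRIVATE KEY":            # PKCS#8, always encrypted
        return "encrypted"
    if label == "OPENSSH PRIVATE KEY":
        # The first 64 base64 chars cover the magic and the length-prefixed cipher name.
        try:
            blob = base64.b64decode("".join(lines[1:-1])[:64])
        except ValueError:
            return "not-a-private-key"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 4:
            return "not-a-private-key"
        (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC PRIVATE KEY): encryption is declared in a Proc-Type header.
    if any(l.startswith("Proc-Type:") and "ENCRYPTED" in l for l in lines[1:3]):
        return "encrypted"
    return "unencrypted"

def audit(root):
    """Walk root and return [(path, status)] for every private key file found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):
                continue                            # skip FIFOs, sockets, dangling links
            try:
                with open(path, "r", errors="replace") as fh:
                    status = key_protection(fh.read(65536))
            except OSError:
                continue                            # unreadable file: skip
            if status != "not-a-private-key":
                found.append((path, status))
    return found

if __name__ == "__main__":
    # The path is an assumption: pass e.g. /home or a service account's directory.
    for path, status in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:12} {path}")
```

Keys reported as unencrypted are the ones to review first, since a stolen copy is usable without any further secret.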

