You are not logged in.

#51 2011-09-17 16:21:20

Grinch
Member
Registered: 2010-11-07
Posts: 265

Re: kernel.org - Security Breach

Yes, sounds like a likely scenario for all these breaches which occured at roughly the same time. Someone who had root priviledges got their credentials hacked and that account is then used to deploy a rootkit and steal other passwords/keys. From a security perspective there's really not anything one can do to prevent something like this except minimizing the number of people with remote root access and make sure they in turn take every security precaution necessary.

Offline

#52 2011-09-18 14:48:08

CPU Gastronomy
Member
From: Québec, Canada
Registered: 2010-12-29
Posts: 69

Re: kernel.org - Security Breach

I find that strange that someone is wanting to modify some important linux servers. 

Anyway, anyone got news for when kernel,org will be up ?  I find that annoying that I have to search files for a lot of PKGBUILD that their files were in the repo of kernel.org (I just did a complet reinstall -_-' ).  Sure, security first, but annoying.

Offline

#53 2011-09-18 15:20:18

KimTjik
Member
From: Sweden
Registered: 2007-08-22
Posts: 715

Re: kernel.org - Security Breach

I saw the link explaining what caused the attack of Frugalware. Has anyone seen what investigations of the attack against kernel.org revealed?

Offline

#54 2011-09-19 22:10:17

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: kernel.org - Security Breach

KimTjik wrote:

I saw the link explaining what caused the attack of Frugalware. Has anyone seen what investigations of the attack against kernel.org revealed?

I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#55 2011-09-19 23:53:37

Grinch
Member
Registered: 2010-11-07
Posts: 265

Re: kernel.org - Security Breach

Leonid.I wrote:

I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.

I'm not following you, the break-ins have been detected, what are these tracks you suppose they are covering?

Offline

#56 2011-09-20 16:11:39

Leonid.I
Member
From: Aethyr
Registered: 2009-03-22
Posts: 999

Re: kernel.org - Security Breach

Grinch wrote:
Leonid.I wrote:

I don't think it is that easy... As far as I remember, the incident was discovered on Aug. 28, but the initial report stated that the actual break-in occured no later that Aug. 12! So whoever that was had a lot of time to cover their tracks.

I'm not following you, the break-ins have been detected, what are these tracks you suppose they are covering?

For example, a login record in /var/log/auth from a (hacked) user "XXX" with password "passwd" is most likely gone, which makes it hard to pinpoint exact circumstances under which the attack occured.


Arch Linux is more than just GNU/Linux -- it's an adventure
pkill -9 systemd

Offline

#57 2011-09-25 04:08:35

fsckd
Forum Fellow
Registered: 2009-06-15
Posts: 4,173

Re: kernel.org - Security Breach

Some news on current status and recovery: https://lkml.org/lkml/2011/9/23/357


aur S & M :: forum rules :: Community Ethos
Resources for Women, POC, LGBT*, and allies

Offline

#58 2011-09-27 03:02:12

DrKillPatient
Member
Registered: 2011-07-28
Posts: 85

Re: kernel.org - Security Breach

I've heard hugely different scales of responses on this-- on one hand, that any important things are very unlikely to have been compromised, and the downtime is occurring mainly to prevent this happening later; and on the other, that Linux is now terribly bad and infected and spying on you for every government in the world all the time and also it's telepathic.

I'm very new to all this. Is such a breach really an enormous issue, or do these things happen occasionally?

Offline

#59 2011-09-27 04:59:00

ngoonee
Forum Fellow
From: Between Thailand and Singapore
Registered: 2009-03-17
Posts: 7,257

Re: kernel.org - Security Breach

DrKillPatient wrote:

I've heard hugely different scales of responses on this-- on one hand, that any important things are very unlikely to have been compromised, and the downtime is occurring mainly to prevent this happening later; and on the other, that Linux is now terribly bad and infected and spying on you for every government in the world all the time and also it's telepathic.

I'm very new to all this. Is such a breach really an enormous issue, or do these things happen occasionally?

You'll hear different responses here as well, pretty much mirroring what you'd find (in more detail and with more justification) in various websites and mailing lists smile


Allan-Volunteer on the (topic being discussed) mailn lists. You never get the people who matters attention on the forums.
jasonwryan-Installing Arch is a measure of your literacy. Maintaining Arch is a measure of your diligence. Contributing to Arch is a measure of your competence.
Griemak-Bleeding edge, not bleeding flat. Edge denotes falls will occur from time to time. Bring your own parachute.

Offline

#60 2011-10-04 10:04:37

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 10,126
Website

Re: kernel.org - Security Breach

Well, looks like kernel.org is back up.

As noted previously, kernel.org suffered a security breach. Because of this, we have taken the time to rearchitect the site in order to improve our systems for developers and users of kernel.org. To this end, we would like all developers who previously had access to kernel.org who wish to continue to use it to host their git and static content, to follow the instructions here.

Right now, www.kernel.org and git.kernel.org have been brought back online. All developer git trees have been removed from git.kernel.org and will be added back as the relevant developers regain access to the system.

Thanks to all for your patience and understanding during our outage and please bear with us as we bring up the different kernel.org systems over the next few weeks. We will be writing up a report on the incident in the future.


Sakura:-
Mobo: MSI X299 TOMAHAWK ARCTIC // Processor: Intel Core i7-7820X 3.6GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 5x 1TB HDD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.

Offline

#61 2011-10-28 03:54:59

EnigmaticCoder
Member
Registered: 2011-10-19
Posts: 4

Re: kernel.org - Security Breach

Is there an official place to get kernel patches while kernel.org is restored?

Offline

#62 2011-10-28 10:14:05

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: kernel.org - Security Breach

EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711

Offline

#63 2011-10-28 10:33:32

Gusar
Member
Registered: 2009-08-25
Posts: 3,605

Re: kernel.org - Security Breach

EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

They're already on kernel.org, it's just the front page that's outdated. See here: http://www.kernel.org/pub/linux/kernel/v3.x/

Last edited by Gusar (2011-10-28 10:33:55)

Offline

#64 2011-10-28 18:23:29

EnigmaticCoder
Member
Registered: 2011-10-19
Posts: 4

Re: kernel.org - Security Breach

karol wrote:
EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711

Yes I'm looking for the apparmor patch (2.4 I think it is).

Offline

#65 2011-10-28 18:27:35

karol
Archivist
Registered: 2009-05-06
Posts: 25,440

Re: kernel.org - Security Breach

EnigmaticCoder wrote:
karol wrote:
EnigmaticCoder wrote:

Is there an official place to get kernel patches while kernel.org is restored?

Any particular ones? I found some w/o much of a problem https://bbs.archlinux.org/viewtopic.php?id=128711

Yes I'm looking for the apparmor patch (2.4 I think it is).

http://wiki.apparmor.net/index.php/Main … ource_code

AppArmor is in the upstream kernel as of 2.6.36.

Do you still need the patch in this case?


Edit:
http://launchpad.net/apparmor/2.7/2.7.r … rc1.tar.gz seems to have kernel patches

[karol@black apparmor-2.7.0~rc1]$ ls kernel-patches/
2.6.36	2.6.36.2  2.6.37  2.6.39  3.0  3.1

http://wiki.apparmor.net/index.php/Dist … n#Patching

Last edited by karol (2011-10-28 18:41:37)

Offline

Board footer

Powered by FluxBB