HowTos/SELinux - CentOS Wiki

2009-11-04 - ssh and sshd trojaned. So one of my systems has had customized password-logging ssh and sshd applications running for quite a while. Yes, I've been r00ted :-( How did I find out? When using svn+ssh protocol subversion repositories, I observed the "Killed by signal 15" message as reported in debian bug #366391, like this: This benchmark is a direct port of a SCAP Security Guide benchmark developed for Red Hat Enterprise Linux.It has been modified through an automated process to remove specific dependencies on Red Hat Enterprise Linux and to function with CentOS.The result is a generally useful SCAP Security Guide benchmark with the following caveats:. CentOS is not an exact copy of Red Hat Enterprise Linux. NOTE: OpenSSH does not have the ssh 1.2.27 rsa bug. but also SECURITY FIX: The USA version of the ssl library package, called sslUSA26, contained buffer overflows. A binary patch is available for people who installed before December 3. and The third ssh jumbo patch is now available. Processes inherit user's rights: Firefox, if compromised by a trojaned version, could read a user's private ssh keys even though it has no reason to do so. Essentially under the traditional DAC model, there are two privilege levels, root and user, and no easy way to enforce a model of least-privilege. These are back to listening on all available interfaces. Port 22 is sshd, the Secure Shell server daemon. This is a good sign! Notice that the service for port 631 does not have a service name if we look at the output in the first example. This might be a clue that something unusual is going on here. (See the next section for the answer to this

[index] [12589] [30203] [10614] [21998] [9462] [7562] [13642] [13373] [10825] [6865]

Flag Counter