(try again.... Sorry... Last mail had missing text!) Dear Santanu, (and all other EGEE/LCG sys admins please take note) *Please* report security incidents to the mail list [log in to unmask] As described in the "Agreement on Incident Response" document... https://edms.cern.ch/document/428035 This is very important. Lcg-rollout is not the correct list for this (although it may be useful for advice etc) A new EGEE Operational Security Coordination Team is being put together by Ian Neilson (CERN). It is possible that this will soon result in a ROC-based support infrastructure for incident response and advice, but the initial reporting of incidents will always require reports to a mail list. In the meantime we only have this mail list. PLEASE use it. Many thanks, Dave ------------------------------------------------ Dr David Kelsey Particle Physics Department Rutherford Appleton Laboratory Chilton, DIDCOT, OX11 0QX, UK e-mail: [log in to unmask] Tel: [+44](0)1235 445746 (direct) Fax: [+44](0)1235 446733 ------------------------------------------------ > -----Original Message----- > From: LHC Computer Grid - Rollout > [mailto:[log in to unmask]] On Behalf Of Santanu Das > Sent: 22 November 2004 10:07 > To: [log in to unmask] > Subject: [LCG-ROLLOUT] compromised ssh > > > Hi, > > We are suspecting that one of our WNs may have been > compromised by a wide-scale ssh probe on Sat from a Taiwanese > host, 192.192.73.5 and as a result, now I can't log in as > root on that WN. I changed the password-cfg.h on LCFG and > remake the profile for that particular node but still I can't > use that new password on that WN. I don't want to reboot that > WN just now. Does anyone know, how that "change of password" > works between LCFG and the WN? Or any idea how can I change > the password on that compromised WN so that I can log in > without rebooting the node? > > Thanks, > Santanu >