Following on from all the compromises at CERN, Lyon, ....
One important thing to fix is the vulnerability that allows
the locally compromised account to elevate themselves to
root.
For Red Hat 6.2 there is no fix from Red Hat although 2.2 kernels
are vulnerable.
The easy way to stop this happening:
+ To the end of
/etc/rc.d/rc.local
add
echo "/no/such/file" > /proc/sys/kernel/modprobe
and manually add it now to avoid rebooting.
As far as the current situation is concerned it is probably
just the UIs since the initial connection comes from a compromised
account. It is of course sensible to do everywhere.
This will stop any modules being loaded into the kernel once
the machine is up and running.
+ There is a less easy way using /etc/sysctl.conf but that's left as
an exercise.
Steve
--
Steve Traylen
http://www.gridpp.ac.uk/
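
The two steps in the message above (append the line to /etc/rc.d/rc.local, and set the value on the running system), written as an idempotent script with a check that both are in place. This is an added example, not part of the original post; the function names are hypothetical, and the paths are passed as parameters so the logic can be tried on scratch files first.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# /proc/sys/kernel/modprobe holds the path of the helper program the kernel
# runs when it wants a module loaded on demand.
RC_LOCAL=/etc/rc.d/rc.local          # boot script named in the post
PROC_FILE=/proc/sys/kernel/modprobe  # kernel setting named in the post
HELPER=/no/such/file                 # value used in the post

# persist_setting RC_FILE PROC_PATH
# Append the echo line to the boot script unless the exact line is already there.
persist_setting() {
    ps_line="echo \"$HELPER\" > $2"
    if grep -qxF "$ps_line" "$1" 2>/dev/null; then
        return 0
    fi
    printf '%s\n' "$ps_line" >> "$1"
}

# apply_now PROC_PATH
# Set the value on the running system, so no reboot is needed.
apply_now() {
    printf '%s\n' "$HELPER" > "$1"
}

# check_setting RC_FILE PROC_PATH
# Prints "ok" and returns 0 only if the running value is set, the boot script
# will set it again, and the helper path really does not exist.
check_setting() {
    [ "$(cat "$2" 2>/dev/null)" = "$HELPER" ] ||
        { echo "running value is not $HELPER"; return 1; }
    grep -qxF "echo \"$HELPER\" > $2" "$1" 2>/dev/null ||
        { echo "setting not persisted in $1"; return 2; }
    [ ! -e "$HELPER" ] ||
        { echo "$HELPER exists and would be executed"; return 3; }
    echo ok
}

# Only touch the real files when asked to explicitly (run as root).
case "${1:-}" in
    apply) apply_now "$PROC_FILE" && persist_setting "$RC_LOCAL" "$PROC_FILE" ;;
    check) check_setting "$RC_LOCAL" "$PROC_FILE" ;;
esac
```

Run it with `apply` once per machine and with `check` afterwards; running `apply` again does not add a second line to rc.local.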