Computing Systems

Informatics Computing Staff jottings

SSH Server Compromise

As many users will have noticed, the Informatics SSH server ‘dunlin’ was unavailable from the morning of Thursday 26th July until the afternoon of Tuesday 31st July. This was because the root account on the system was compromised and an attempt was made to insert a rootkit into the kernel.

The configuration of this system meant that attempts to infiltrate the kernel were unsuccessful, and we are confident that no passwords or other sensitive data were acquired by the attacker. The attack did cause the machine to crash, and our procedures for handling crashes led to us spotting the system compromise very quickly.

A thorough investigation of the incident was carried out, which allowed us to rapidly identify the account that had been used to gain access and get the password changed so that the attack could not continue against other servers. We were also able to identify the method by which privilege escalation was achieved. We have since applied a security fix to all DICE machines and they have been rebooted to ensure the same method cannot be used again.

SSH Server Compromise / Computing Systems by is licensed under a
