[CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?
Guolin Cheng
gcheng at salesforce.comTue Feb 26 17:57:43 UTC 2013
- Previous message: [CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?
- Next message: [CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
It makes some sense to follow RHEL's suit, but Gelen's suggestions gain more points here too. As end users we probably turn off the default prelink settings after RHEL/Centos initial installation, it is not a rocket technology. On 2/26/13 8:10 AM, "Johnny Hughes" <johnny at centos.org> wrote: On 02/25/2013 04:24 PM, Gelen James wrote: > 'rpm -V' can be misleading, if taking into account of prelink on Redhat/Centos Boxes which is running through cron by default. I've shown the steps on reverse the effect of prelink at the comments sections at link https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229?storyid=15229. I'm afraid that 'rpm -V' only will make big noises or false alarms. > > But in general, maybe it is a good time to turn off prelink, or more aggressively, remove prelink packages from Centos 5/6? the prelink is said to bring some performance boost, but who really cares in the era of tens of CPUs? nowadays and later on we are -- and will -- more concerned on security threats instead of 3~5 percents CPU/performance gain, right? RHEL does prelinking by default, we therefore will never turn it off in CentOS by default.
- Previous message: [CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?
- Next message: [CentOS] SSHD rootkit in the wild/compromise for CentOS 5/6?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list