libkeyutils rootkits for RPM based distros?

Corey Edwards tensai at zmonkey.org
Tue Mar 12 13:57:55 MDT 2013


On 03/12/2013 11:53 AM, Steve Alligood wrote:
> Seems cpanel support make people give them root access to login and
> fix things for their customers, and rumor is that one of their
> support personnel was running an infected windows with a key logger.
> Whomever was getting the passwords was then installing this root
> kit.

Well, "make" is probably a strong word. The cPanel support ticket
process has the option of giving them a root password, but it's not
required in every case. They do request it sometimes so they can
investigate further.

> Aka, never give anyone root access on your servers, and if you have
> to violate that rule, give them a key that you can revoke.

As I recall (been a while since I opened a cPanel ticket so I could be
wrong), they don't have a setup for using SSH keys. Pity. In the cases
where I've had to give out root credentials for vendors I've always gone
the route of changing the password just for them. I would recommend at
least doing that.

Corey


More information about the PLUG mailing list