libkeyutils rootkits for RPM based distros?
tensai at zmonkey.org
Tue Mar 12 13:57:55 MDT 2013
On 03/12/2013 11:53 AM, Steve Alligood wrote:
> Seems cpanel support make people give them root access to login and
> fix things for their customers, and rumor is that one of their
> support personnel was running an infected windows with a key logger.
> Whomever was getting the passwords was then installing this root
Well, "make" is probably a strong word. The cPanel support ticket
process has the option of giving them a root password, but it's not
required in every case. They do request it sometimes so they can
> Aka, never give anyone root access on your servers, and if you have
> to violate that rule, give them a key that you can revoke.
As I recall (been a while since I opened a cPanel ticket so I could be
wrong), they don't have a setup for using SSH keys. Pity. In the cases
where I've had to give out root credentials for vendors I've always gone
the route of changing the password just for them. I would recommend at
least doing that.
More information about the PLUG