Hacked Gentoo Linux server taken offline
A server used by the open-source project has been compromised by attackers and subsequently pulled offline for a full forensic analysis.
The attack and subsequent compromise comes after several machines belonging to the Debian Linux project were breached by attackers last month. A forensic analysis of the Debian machines revealed that no software packages or source code offered for download were affected--a claim now being made by Gentoo.
 | ||||
| | | ||
| Get Up to Speed on... Open source  Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
The maintainers of the Gentoo Linux distribution released a statement that describes the incident: "One of the servers that makes up the rsync.gentoo.org rotation was compromised via a remote exploit," it reads. "The compromised system had both an IDS and a file integrity checker installed and...we are reasonably confident that the portage tree stored on that box was unaffected."
The Gentoo team claimed that the breach was detected within approximately 1 hour.
"During this time, approximately 20 users synchronized against the portage mirror stored on this box. The method used to gain access to the box remotely is still under investigation. We will release more details once we have ascertained the cause of the remote exploit," the statement said.
The machine didn't actually belong to the project. It was donated by a sponsor, whose identity so far undisclosed.
| ||||
| | | ||
| Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section. | | ||
| ||||
| ||||
The Debian project servers were compromised by a previously unknown local vulnerability in the Linux kernel which has since been identified and rectified by a patch.
Patrick Gray of ZDNet Australia reported from Sydney.