摩托學園討論區

[pooh9038]

今天早上起已不能連上debian.org,在irc.debian.org上有人透露這消息:
http://article.gmane.org/gmane.linux.debian.user/117910

但亦有人說將會公佈Debian3.0r2 .

等候正式的宣佈

[moto]

補充 pooh9038 說的連結文章內容 :

代碼: 選擇全部

Re: What up with www.debian.org ?
Subject: Re: What up with www.debian.org ?
From: Raghavendra Bhat <ragu <at> asianetonline.net>
Date: Fri, 21 Nov 2003 13:07:20 +0530
Newsgroups: gmane.linux.debian.user
Old-return-path: <ragu <at> vsnl.com>

Jerome posts:

>> What happens to www.debian.org ?

Someone has cracked all the servers of the Debian Project. There has
been a severe security mishap and guys should uninstall all stuff
downloaded and installed in the past 2 days. Please do not apt-get
anything right now! Please wait till an `official' release happens!

--
ragOO


如果屬實就太可怕了... apt-get 固然好用.. 大家還是要審慎選擇 sources 站台..

ps.如果連 debian 官方都被 crack ... 那實在真慘...

[訪客]

要如何去檢查機器有沒有被裝一些有的沒的?

[octapult]

真是糟糕，我昨天才 apt-get 升級了一大堆 libc 相關 package...

[BBNS]

官方公佈:
http://cert.uni-stuttgart.de/files/fw/d ... 031121.txt

Debian package archieve除了non-us和security外，其餘不受影響。

[阿信]

官方公佈:
http://cert.uni-stuttgart.de/files/fw/d ... 031121.txt

Debian package archieve除了non-us和security外，其餘不受影響。

嗚嗚嗚...難怪今天要upgrade security卻一直無法連線。

[huki]

難怪喔！
太可怕了
最近好多hacker都想來弄一下linux
真可怕~~~~

[chuany]

節錄今早在 #debian.tw IRC 對話:

代碼: 選擇全部

09:11 <@chuany> irc.seed.net.tw 掛點了
09:11 <@chuany> security.debian.org 也連不上
09:11 <@chuany> @_@
09:12 <@AceLan> ccc
09:14 <@chuany> AceLan 大大早安.
09:20  * AceLan 貪婪地舔了舔 chuany 的臉。
09:20 <@AceLan> seednet 活過來了
09:20 <@AceLan> 大家忙著給 op :p
09:21 <@chuany> AceLan: 哇!
09:21 <@chuany> AceLan: 大大英明, 大大剛剛把 irc.seed.net.tw 修好啦?
09:21 <@AceLan> @_@
09:22 <@AceLan> 是的 我將 irc.seed.net.tw 的網路線給接上去了 XD
09:22 <@chuany> AceLan: 原來兇手是你啊 :p
09:23 <@chuany> AceLan: 那幫我把 security.debian.org 的網路線也插一下吧 ;)
09:23 <@AceLan> 不好意思 我昨天晚上睡覺時去踢到線了 XD
09:23 <@AceLan> 這邊線好多 我得要找一下
09:24 <@chuany> AceLan: 好 我等你
09:24 <@AceLan> chuany: 慢慢等 總有一天我會找到他的 XD


我一直以為是 AceLan 大大晚上睡覺時踢到線了說.

[huki]

2003年11月21日

很遺憾必須公佈這個事件。有一些Debian伺服器在最近24小時內被發現受到損壞。

這個檔案庫並未遭到波及。

下列是已經受到影響的機器：

●master (錯誤追蹤系統)

●murphy (郵件清單)

●gluck (網站, cvs版本控制系統)

●klecker (安全性, non-us, 網頁搜尋, 全球資訊網)

目前已有些服務無法取得，因為在進行封閉檢測工作。另外有一些服務則是被轉移至其他機器(例如www.debian.org)。這個安全檔案文獻在經過可信任的來源確認後，才會再恢復提供服務。

Debian Project最近已準備了一個修正Debian GNU/Linux 3.0 (又名woody)的3.0r2版本。尚未發表，不過已經完成了。原訂於今早公佈，現在被迫得延後了。目前正在檢試這個更新版，但它並未受到損害。

Debian Project對未來幾天無法提供服務一事表示歉意。他們正在修復這些服務並查驗檔案內容。

中文原文：http://free.tnc.edu.tw/modules/news/article.php?storyid=493

原文：http://linuxtoday.com/security/2003112101226SCDBSV

[pooh9038]

有關debian.org的進一步消息:

http://www.wiggy.net/debian/status/

Last updated: Sat, 22 Nov 2003 17:13:45 UTC
After a two days we have a reasonable overview of what happened to the various Debian servers and what we need to do to get everything up and running again. This mail has an overview of the current status and what will happen in the next few days.
Let's start with the current status: four machines (gluck, klecker, master and murphy) are known to be compromised. All services on those machines have been shut down or moved to different machines so we can take the necessary time to determine what happened and restore the machines.
non-US, security.debian.org and the other websites running on klecker are back online for FTP and HTTP access. Archive maintenance is still down for now, so no new packages will be installed. The non-US and security archives have been verified using logs and MD5 hashes from multiple different trusted mirrors.
master, murphy and gluck have been reinstalled. Currently data and services are being restored on them.
All password used on quantz (ie all Alioth, arch and svn passwords) have been invalidated. Please use the lost password system to get a new password. Since Alioth routes email for Debian developers via the debian.org domain which is currently not yet functional they can not do this at this moment. We expect debian.org email services to be restored this weekend though. All ssh authorised keys have been removed as well.
All accounts on other machines have been locked as a safety precaution. If you have or had access to a Debian machine and were using the same password on other machines you are strongly advised to change it as soon as possible. When the cleanup is done all passwords will be invalidated and accounts unlocked and people can request a new password through the email robot on db.debian.org .
We expect to need until Wednesday and ask for your patience until then. Afterwards when we have all the facts we will explain what exactly happened and how we hope to prevent this from happening again in the future.

小弟的問題是,這兩天有關debian servers的消息都是來自多個非正式的渠道,無從証明它的真確性.

不知debian組織有沒有訂下在發生緊急事故時(如目前),統一發放消息的
途徑?

以後安裝或升級軟件的時候要小心一點,不知有沒有自動的方法在set up前核對套件的md5sum,正確才繼續進行裝上.

有一點題外話,小弟發現debian網頁的中文化是在各主要distributions中做得最好,是否與自發性有關?

[palmpilote]

安裝的時候就有md5的比對了
如果資料正確，是不用太擔心
就怕連md5sum的紀錄都被修改了，那這樣也沒辦法了

[carlos]

可以通过debsig-verify来验证，基于GPG signature的

[kahn]

剛剛用 apt-get update;apt-get dist-upgrade
出現:
了解套件依存關係中... Done
用『apt-get -f install』指令或許能修正這些問題。
下列的套件有無法滿足的依存關係：
python2.3-tk: 依存關係: python2.3 (= 2.3.2-6) 但是『2.3.2-4』卻已經安裝好了。
E: Unmet dependencies. Try using -f.

[pooh9038]

到現在為止仍未有更新套件上載(我用ftp.debian.org testing及unstable),不知是否仍未完全修復?

我有一些相依性問題要等更新套件來解決.

[pooh9038]

看來debian org 所受的打擊不淺,已有十天沒有更新套件上載.

一個不能更新的debian系統就像一只沒有翅膀的小鳥.

不知何時可回復正常?