[SAC] LDAP user account "steve" compromised

Hi, on a system which authenticates against OSGeo LDAP I found
suspicious processes running under permissions of the user "steve".
This user definitely needs a new password - do we have a tool to set
new passwords without directly operating on the LDAP server ?

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------

Martin,

Details on interacting with LDAP are available at:

http://wiki.osgeo.org/wiki/SAC:LDAP

My process is generally to search for the user with:

https://www.osgeo.org/cgi-bin/auth/ldap_web_search.py

and then reset the password for the user after picking them.

I would be interested in knowing what processes were running where. If Steve’s account is compromised it might make sense to withdraw shell login access till we work out what happened. Steve is my Google Summer of Code student for OSGeo4W work.

Best regards,
Frank

On Wed, Aug 7, 2013 at 4:10 PM, Martin Spott <Martin.Spott@mgras.net> wrote:


Sac mailing list
Sac@lists.osgeo.org
http://lists.osgeo.org/mailman/listinfo/sac


----------------------------------------+-------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer

Hi Steve,
apparently someone somehow managed to guess your password, logged into
one of those machines which provide shell login to OSGeo "shell" users
and subsequently changed your password at 2013-08-06 13:54:43 UTC.
Finally the affected machine was used to run pscan2/scanssh to randomly
scan SSH access on other systems.

Your password is now safe because I set it to a random string and I
suggest you negotiate with FrankW to set a new password. I invite
everybody to join me in checking the other OSGeo servers for similar
abuse of the "steve" or other logins.

Cheers,
  Martin.
--
Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------
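The checks Martin describes in the two messages above (processes running under the account, the pscan2/scanssh binaries, a burst of password guesses followed by a successful login) written out as an added shell example. This is not OSGeo's tooling and not part of the original thread: it assumes `ps -eo user=,pid=,args=` output and Debian-style sshd lines in /var/log/auth.log, the `--live` flag is the script's own, and the sample ps and log data are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not OSGeo's tooling: first-pass triage of a suspected
# compromised shell account on a host that authenticates against LDAP.
# All functions work on text, so saved "ps" and auth-log output can be
# checked offline; "--live" (this script's own flag) reads the current host.

# Binaries the thread names as the abuse tooling; extend as needed.
SCANNERS='pscan2|scanssh'

# scanner_procs USER PS_TEXT
#   PS_TEXT has one "user pid command..." line per process, as printed by
#   "ps -eo user=,pid=,args=". Prints USER's processes matching SCANNERS.
scanner_procs() {
    printf '%s\n' "$2" | awk -v u="$1" -v pat="$SCANNERS" '$1 == u && $0 ~ pat'
}

# user_proc_count USER PS_TEXT -> number of processes owned by USER
user_proc_count() {
    printf '%s\n' "$2" | awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# failed_logins USER AUTH_TEXT -> count of "Failed password for USER" sshd lines
# (a burst of these right before an "Accepted password" is the guessing pattern)
failed_logins() {
    printf '%s\n' "$2" | awk -v u="$1" \
        '$5 ~ /^sshd/ && $6 == "Failed" && $9 == u { n++ } END { print n + 0 }'
}

# accepted_logins USER AUTH_TEXT -> "Mon D HH:MM:SS source-ip" per successful login
accepted_logins() {
    printf '%s\n' "$2" | awk -v u="$1" \
        '$5 ~ /^sshd/ && $6 == "Accepted" && $9 == u { print $1, $2, $3, $11 }'
}

# triage USER PS_TEXT AUTH_TEXT
#   Prints a summary; exit status 1 when scanner processes run as USER.
triage() {
    user="$1"
    found=$(scanner_procs "$user" "$2")
    printf 'processes owned by %s: %s\n' "$user" "$(user_proc_count "$user" "$2")"
    printf 'failed ssh password attempts for %s: %s\n' "$user" "$(failed_logins "$user" "$3")"
    printf 'accepted ssh logins for %s:\n' "$user"
    accepted_logins "$user" "$3" | sed 's/^/  /'
    if [ -n "$found" ]; then
        printf 'scanner processes running as %s:\n%s\n' "$user" "$found"
        return 1
    fi
    return 0
}

# Constructed sample data (not real OSGeo logs); IPs are documentation ranges.
SAMPLE_PS='root 1 /sbin/init
steve 2301 -bash
steve 2410 ./pscan2 203.0.113 22
steve 2411 ./scanssh 203.0.113.0/24
martin 2500 vim notes.txt'

SAMPLE_AUTH='Aug  6 13:50:01 shell1 sshd[2100]: Failed password for steve from 198.51.100.7 port 40001 ssh2
Aug  6 13:50:04 shell1 sshd[2100]: Failed password for steve from 198.51.100.7 port 40002 ssh2
Aug  6 13:50:09 shell1 sshd[2102]: Accepted password for steve from 198.51.100.7 port 40003 ssh2
Aug  7 09:12:33 shell1 sshd[3001]: Accepted publickey for martin from 192.0.2.10 port 51000 ssh2'

if [ "${1:-}" = "--live" ]; then
    # Assumes Debian-style /var/log/auth.log (RHEL-style hosts use /var/log/secure).
    ps_text=$(ps -eo user=,pid=,args=)
    auth_text=$(cat /var/log/auth.log 2>/dev/null)
    target="${2:-steve}"
else
    ps_text=$SAMPLE_PS; auth_text=$SAMPLE_AUTH; target=steve
fi

if triage "$target" "$ps_text" "$auth_text"; then
    echo "no scanner activity for $target"
else
    echo "compromise indicators for $target: lock the account and kill its processes"
fi
```

Run it with no arguments to see the constructed case, or `sh triage.sh --live steve` on each shell host. Two caveats a responder will care about: resetting the LDAP password (via the wiki tool Frank points to) does not end sessions that are already established, so the running scanners must be killed on the host as well (`pkill -KILL -u steve`), and the source address of the "Accepted password" line is what tells you where the guessing came from and which other hosts to check for the same address.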

Martin,

I’ve provided Steve with a new password. Thanks for identifying the compromise.

Best regards,

Frank

On Thu, Aug 8, 2013 at 2:14 AM, Martin Spott <Martin.Spott@mgras.net> wrote:


----------------------------------------+-------------------------------------
I set the clouds in motion - turn up | Frank Warmerdam, warmerdam@pobox.com
light and sound - activate the windows | http://pobox.com/~warmerdam
and watch the world go round - Rush | Geospatial Software Developer