Last week, LinuxFoundation.org, Linux.com, and their subdomains were down for maintenance as a security breach was discovered. This security breach was detected just a few weeks after the kernel.org Linux archive site had suffered a hacker attack. This lead to the Linux Foundation pulling down its websites from the web and cleaning up the problem.
Linux Foundation had a notice posted which said that the entire infrastructure was down as maintenance was going on as a security breach that was discovered. The group said that the decision was made by the LinuxFoundation, to keep the steps in the interest of extreme caution and security best practices. They even said that according to them the breach had something in connection with the intrusion on kernel.org. The announcement had more to say though.
The Linux Kernel Archives (www.kernel.org) security breach was even discovered on August 28th, 2011, but the administrators were of the thought that actually the breach had occurred weeks before the actual discovery was made. The actual intruders were not caught, but it was noted that they had gained root access on the server Hera, which seems to have taken place through a compromised user credential.
The breach at kernel.org was quite ill as the ssh(openssh, openssh-server and openssh-clients) belonging files had an unexpected modification and had started running live while a trojan startup file saw an addition to the system start up scripts. The administrators in this case had the working going on with 448 kernel.org users, so that there could be changes made for their credentials as well as for their SSH keys. There were many reviews even on the concerns displayed by Linux as Kernel.org is where Linux distributors download the source code for Linux’s kernel.
Talking about the restoration service relating to the latest breach, Linux Foundation said that the restoring of services were being tried out “in a secure manner as quickly as possible”. They even had an advice for the users, which seems to be a similar note from the kernel.org advice. They said that the users should “consider the passwords and SSH keys that (they) have used on these sites compromised” and accordingly make changes to them as soon as possible.
There was even an apology from the administrator’s end and said that as the matter was seriously being looked into, for which the patience of the users was being appreciated. For the inclusions and exclusions, it said “The Linux Foundation infrastructure houses a variety of services and programs including Linux.com, Open Printing, Linux Mark, Linux Foundation events and others, but does not include the Linux kernel or its code repositories.” The time frame for the restoration is not given, but ti can be assumed that it would take some real good time as kernel.org, which was offline on August, 28, still continues to be offline.
There was even a separate report posted on The Hacker news, which noted that the breach might have even affected multiple servers which are a part of the Linux Foundation and Linux.com infrastructure. The breaking into the online home of Linux operating system is a brave step chosen by the hackers, as Linux foundation on the whole had to be moved to the offline mode for security reasons.