The Hacker News Logo
Subscribe to Newsletter

Intrusion detected on two FreeBSD Project app dev servers

The FreeBSD team has announced over the weekend that two machines within the FreeBSD.org cluster have been compromised and have been consequently pulled offline for analysis.

Security team said on Saturday. "The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution,". However it added that the intruder had sufficient access to modify third party packages, many of which are compiled and installed through FreeBSD's ports system.

Audits have been performed to verify the infrastructure and source trees are clean and the suspect machines "are either being re installed  retired, or thoroughly audited before being brought back online," the cluster administration team said.

The FreeBSD Project was gearing up for the FreeBSD 9.1 release, however as it is unable to verify the integrity of the package set, that has been removed and will be rebuilt prior to the release. 

The advisory includes several recommendations about the tools users and developers should use for updates, source code copying and signed binary distribution.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.