<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
That is a leftover "mandated" from above. It will be disabled in the
RC.<br>
<br>
Steve N4IRS<br>
<br>
<div class="moz-cite-prefix">On 5/10/2017 3:15 PM, Steve Passmore
wrote:<br>
</div>
<blockquote
cite="mid:CAMkXzgQAFzgoBNhMyMPy2wwdN0Q=Lm+y8iAKQr-uyumz--FEnw@mail.gmail.com"
type="cite">
<div dir="ltr">Does anyone know what the user "debian" is used for
in the DIAL distro? I had a node compromised where it appears
they guessed the password for the user debian. I note on other
un-compromised nodes there is a preexisting user "debian" with a
password set.
<div>The attacker installed a bitcoin miner, storing their files
under /var/tmp/.new chrootkit reported it as possibly
being the Mumblehard backdoor.
<div><br>
</div>
<div>I'd suggest anyone with a DIAL node, at the very least,
remove the user "debian"'s password.<br>
<br>
passwd -d debian<br>
<br>
Steve, k6kya</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
App_rpt-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:App_rpt-users@lists.allstarlink.org">App_rpt-users@lists.allstarlink.org</a>
<a class="moz-txt-link-freetext" href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a>
To unsubscribe from this list please visit <a class="moz-txt-link-freetext" href="http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users">http://lists.allstarlink.org/cgi-bin/mailman/listinfo/app_rpt-users</a> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </pre>
</blockquote>
<br>
</body>
</html>