Re: Build statues in honor of Linus
Not that he has been doing a particularly good job at that, or shown much security clue, but certainly more clue than Linus.
I've spent a little while over the last couple of days remotely monitoring some suspicious traffic on a machine I part-time administer for someone else.
My philosophy is "watch, learn, act" - I watched, I spent some time learning about a few processes and tools I'd not yet had to learn about, and I acted - in this case to decide "almost certainly nothing to worry about" but make a few system changes to lessen any potential attack surface (as far as I can tell it was "none" but a little bit extra security should be fine). Oh, and to run a few other basic security checks.
Now, I could've run "sudo shutdown -h now", which is pretty much the equivalent of what Kees Cook would've done, but that a) would've not solved the problem and b) led to other problems, like the server not being able to perform its other duties.
If I'd "panicked the kernel" (i.e. shut down), everything stops - monitoring, logging, the ability to watch what's going on, and the ability for some of the staff to do their jobs. "Suspicious behaviour" that turned out to be a non-issue could've had his staff sitting around twiddling their thumbs while I travelled to the location, isolated the machine from the network (the arduous task of unplugging the patch cable), and proceeded to spend hours upon hours scanning for the "cause" while also trying to check and if necessary secure the router and so on; or it could be left up, checked in situ for the nature of the suspicious behaviour, with a phone call from me to do an urgent power down (pull the mains plug) should it look like more of a risk.
[BTW, the action? He'd thought it'd be great to chuck a torrent client on his always-on server, and later denied knowledge - the persistent Ukraine addresses probably weren't hackers trying to come in, they were most likely other clients wanting the series he'd been downloading - so the action was twofold: 1) to have a discussion with him, his wife, and a couple of the other staff about system security and 2) to lock him out of the server admin (i.e. change the password). I do have to figure out a secure way to make it available (in case I'm not available) but so that he cannot get it without bloody good reason.
Oh, and for some reason Nethogs wasn't showing transmission in the list, or any programs, just IPs (hence I didn't detect it much sooner) - I see on some machines it does and some it doesn't ^O^ .
At least I have my Christmas travel costs sorted after this ;) ]