An intrusion was recently detected into two machines in the FreeBSD infrastructure; and the attack was facilitated with the help of a stolen SSH authentication key and login credentials. Following this, the affected machines were taken offline for further analysis, and to understand the extent of damage. Here’s what FreeBSD reported on its website about the intrusion,
On Sunday 11 of November, an intrusion was detected on two machines within the FreeBSD.org cluster. The affected machines were taken offline for analysis. Additionally, a large portion of the remaining infrastructure machines were also taken offline as a precaution.
We have found no evidence of any modifications that would put any end user at risk. However, we do urge all users to read the report available at http://www.freebsd.org/news/2012-compromise.html and decide on any required actions themselves. We will continue to update that page as further information becomes known. We do not currently believe users have been affected given current forensic analysis, but we will provide updated information if this changes.
While none of the base repositories were hit by the attack, only servers hosting source code for third-party packages were exposed by the attack. Still, FreeBSD has warned its users to keep a check on third-party packages installed or updated between 19 September and 11 November.
But FreeBSD is not the only open source operating system that suffered a server intrusion, as we saw Linux servers too suffering a malware attack and server compromise last year. The Linux intruder managed to gain root access to a server known as Hera and “a number of servers in the kernel.org infrastructure were compromised” according to a notice posted on Kernel.org. This resulted in taking down of kernel.org for more than a month.