I just noticed that our raq550 interface not working. The admserv error log said that
Address already in use: make_sock: could not bind to port 444
sure enough:
[root /root]# netstat -anp | grep :444
tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN 5808/sshd
and
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN 5808/sshd
Other than that I can find nothing unusual, apart from group nobody on ssh-agent -- can someone pls confirm for me if that is wrong?
-rwxr-sr-x 1 root nobody 52492 Sep 24 08:50 /usr/bin/ssh-agent
chkrookit comes up blank, no new files or users, all history & logs are intact as far as I can tell.
Have to admit we were a few patches behind, but firewalled on all but http and ssh ports.
Any advice where to look next? This machine is just a backup mirror so I could do the OSRCD, but would really like to know how this happened...
Thanks, Julian
_______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
