Had you just done a MandrakeUpdate or upgraded the XFree86 package?

Anyway, copy some handy binaries like netstat and find and ps from
another Linux box. (Yes, the rescue mode on the CD might have these, but
if you reboot you're going to make it harder to see active connections.)
/mnt/floppy/netstat -atun and look for suspicious stuff like ssh and
irc. /mnt/floppy/ps auxfc |less. Use find to look for directories with
names like "..." and " ". Get chkrootkit too, great tool.

On Mon, 2002-11-04 at 17:32, Ken Hawkins wrote:
> I think it's bad.. this was in my messages log file, where I went snooping after
> the hard drive on my laptop started thrashing, along with musical beeps from my
> speakers.
> 
> I'm too dense, and have too many other projects on the go to chase this down, but
> if others have ideas, or want more info, I'll be glad to follow directions. In a
> day or two, I'll be blowing this laptop clean to do a fresh install, since I don't
> know enough to clean it out or pursue hackers
> 
> Ken
> 
> Nov  3 04:02:05 kenlap syslogd 1.4.1: restart.
> Nov  3 04:04:08 kenlap :
> Nov  3 04:04:08 kenlap : Security Warning: Change in Suid Root files found :
> Nov  3 04:04:08 kenlap : - Added suid root files : /usr/X11R6/bin/Xwrapper
> Nov  3 04:04:08 kenlap : - Removed suid root files : /usr/X11R6/bin/Xwrapper
> Nov  3 04:04:08 kenlap :
> Nov  3 04:04:08 kenlap : Security Warning: Changes in Suid Group files found :
> Nov  3 04:04:08 kenlap : - Added suid group files : /usr/X11R6/bin/xhextris
> Nov  3 04:04:08 kenlap : - Removed suid group files : /usr/X11R6/bin/xhextris
> Nov  3 04:04:08 kenlap :
> Nov  3 04:04:08 kenlap : Security Warning: Change in World Writeable Files found :
> Nov  3 04:04:08 kenlap : - Added writables files : /home/ken/Documents/Crissy Resume 2002.doc
> Nov  3 04:04:08 kenlap : - Added writables files : /home/ken/myweb/Icon_
> Nov  3 04:04:08 kenlap : - Added writables files : /tmp/.esd
> Nov  3 04:04:08 kenlap : - Added writables files : /tmp/.esd/socket
> Nov  3 04:04:08 kenlap : - Added writables files : /tmp/.font-unix
> Nov  3 04:04:08 kenlap : - Added writables files : /tmp/.font-unix/fs-1
> Nov  3 04:04:08 kenlap : - Added writables files : /tmp/medusa-idled-service
> Nov  3 04:04:08 kenlap : - Removed writables files : /home/ken/Documents/Crissy Resume 2002.doc
> Nov  3 04:04:08 kenlap : - Removed writables files : /home/ken/myweb/Icon_
> Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/.esd
> Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/.esd/socket
> Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/.font-unix
> Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/.font-unix/fs-1
> Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/medusa-idled-service
> Nov  3 04:04:08 kenlap :
> Nov  3 04:04:08 kenlap : Security Warning: the md5 checksum for one of your SUID files has changed,
> Nov  3 04:04:08 kenlap : maybe an intruder modified one of these suid binary in order to put in a backdoor...
> Nov  3 04:04:08 kenlap : - Checksum changed files : /usr/X11R6/bin/Xwrapper
> Nov  3 04:04:08 kenlap :
> Nov  3 04:04:08 kenlap : Security Warning: World Writeable files found :
> Nov  3 04:04:08 kenlap : - /home/ken/.galeon/history.xml
> Nov  3 04:04:08 kenlap : - /home/ken/Documents/Crissy Resume 2002.doc
> Nov  3 04:04:08 kenlap : - /home/ken/myweb/Icon_
> Nov  3 04:04:08 kenlap : - /home/ken/myweb/about.html
> 
> -- 
> Ken
> 1982 Type L, 5mge, 5spd better known as "beater"
> 320,000km, still solid,colour approx. silver.
> Great Wet North.
> 
> 
> ----
> 

> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
-- 
Jack Coates
Monkeynoodle: A Scientific Venture...
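
An added example, not part of either message: a small parser for a report in the layout quoted above. It separates paths that appear as both Added and Removed in the same run from paths that are only added or only removed, and lists checksum changes. The sample lines are constructed, and `/usr/local/bin/example-new` is a made-up path to show the unmatched case.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the quoted report (not the full original log).
SAMPLE = """\
Nov  3 04:04:08 kenlap : Security Warning: Change in Suid Root files found :
Nov  3 04:04:08 kenlap : - Added suid root files : /usr/X11R6/bin/Xwrapper
Nov  3 04:04:08 kenlap : - Removed suid root files : /usr/X11R6/bin/Xwrapper
Nov  3 04:04:08 kenlap : - Added writables files : /tmp/.esd/socket
Nov  3 04:04:08 kenlap : - Removed writables files : /tmp/.esd/socket
Nov  3 04:04:08 kenlap : - Added suid group files : /usr/local/bin/example-new
Nov  3 04:04:08 kenlap : - Checksum changed files : /usr/X11R6/bin/Xwrapper
"""

# Matches "- Added <category> files : <path>", "- Removed <category> files : <path>"
# and "- Checksum changed files : <path>". Paths may contain spaces.
ENTRY = re.compile(r" : - (Added|Removed|Checksum changed) ?(.*?) ?files : (.+)$")


def triage(report):
    """Group report entries so unmatched changes stand out from add/remove pairs."""
    seen = defaultdict(lambda: {"Added": set(), "Removed": set()})
    result = {"checksum_changed": [], "paired": [], "new": [], "gone": []}
    for line in report.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue  # headers, blank separator lines, unrelated syslog entries
        action, category, path = m.group(1), m.group(2), m.group(3).strip()
        if action == "Checksum changed":
            result["checksum_changed"].append(path)
        else:
            seen[category][action].add(path)
    for category, sets in seen.items():
        added, removed = sets["Added"], sets["Removed"]
        # paired: the path is in both lists, so the set of such files did not grow
        result["paired"] += [(category, p) for p in sorted(added & removed)]
        # new: present now, absent from the previous run -> look at these first
        result["new"] += [(category, p) for p in sorted(added - removed)]
        result["gone"] += [(category, p) for p in sorted(removed - added)]
    return result


if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        print(kind)
        for item in items:
            print("   ", item)
```
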

