Hi list I've been monitoring the list for a while now. Seems there are some very knowledgeable people here. Originally I was going to ask about some vpn-stuff, but then this happened:
Running Dachstein on a three-way box with LAN (192.*.*.*) and DMZ (10.*.*.*), at a remote location. Everything seems to work (well pretty much anyway). I have web, mail, ftp and ssh forwarded through to dmz-host. As I logged in on the dach-box (ssh to dmz-host, and ssh from there to dach-box) last night it started the whole 'host unknown, somebody might be eavesdropping, do you want to continue?'-thing. Now this was because I was using a host (on my home lan) that I don't usually use for this. So I went to the machine that I *do* use for this, logged in (no problem) first to the dmz-box, and then to the dach-box. I then looked at 'last', and then I got worried: # last USER TTY PID TIMEON FROM reboot ~ 0 22545 2.2.19 root ttyp0 845 22491 192.*.*.* root ttyp0 1532 21794 UNKNOWN root ttyp0 1540 21791 10.*.*.* root ttyp0 1554 21785 10.*.*.* root ttyp0 5385 12592 10.*.*.* root ttyp0 5505 12518 10.*.*.* root ttyp0 6824 10156 10.*.*.* root ttyp0 9046 5075 192.*.*.* root ttyp0 10667 1576 10.*.*.* root ttyp0 11313 1140 10.*.*.* root ttyp0 11804 176 10.*.*.* root ttyp0 12220 135 10.*.*.* root ttyp0 12235 119 10.*.*.* root ttyp0 12263 78 10.*.*.* root ttyp0 12597 70 10.*.*.* root ttyp0 13135 56 10.*.*.* root ttyp0 13744 26 10.*.*.* root ttyp0 13758 23 10.*.*.* root ttyp0 13769 18 10.*.*.* root ttyp0 13829 0 10.*.*.* Looking at the logs, I can see that this UNKNOWN corresponds to a root-login yesterday *morning*. The only other person who has access to these systems, tells me it wasn't him... Now I'm pretty new at this stuff, so I really would appreciate some opinions on this... Should I *be* worried, is there a way to check whether stuff has been tampered-with? I'll post further info, as requested/required. TIA Sincerely Jon Clausen _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
