Enclosed are 2 attachments. They were sent to my root account by my system.
They look like trouble...can one of you "guru's" look at them and tell me why
I'm getting these messages? Thanks!
PS In the case of the ports warning, I am running pmfirewall so...
--
/\
Dark><Lord
\/
>From [EMAIL PROTECTED] Fri Oct 6 04:02:23 2000
Status: R
>From nobody Fri Oct 6 04:02:23 2000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: by localhost.localdomain (Postfix, from userid 0)
id AB061C11A; Fri, 6 Oct 2000 04:02:23 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: *** Diff Check, Fri Oct 6 04:02:23 EDT 2000 ***
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 6 Oct 2000 04:02:23 -0400 (EDT)
From: [EMAIL PROTECTED] (root)
Security Warning: There is modifications for port listening on your machine :
- Opened ports : tcp 0 0 *:6000 *:*
LISTEN 2441/X
- Opened ports : tcp 0 0 *:8021 *:*
LISTEN 622/python
- Opened ports : tcp 0 0 *:10000 *:*
LISTEN 818/perl
- Opened ports : tcp 0 0 *:mysql *:*
LISTEN 729/mysqld
- Opened ports : tcp 0 0 *:www *:*
LISTEN 649/httpd
- Opened ports : tcp 0 0 *:smtp *:*
LISTEN 603/master
- Opened ports : tcp 0 0 *:printer *:*
LISTEN 480/lpd
- Opened ports : tcp 0 0 *:617 *:*
LISTEN 468/nlservd
- Opened ports : tcp 0 0 *:gds_db *:*
LISTEN 458/inetd
- Opened ports : tcp 0 0 *:pop3 *:*
LISTEN 458/inetd
- Opened ports : tcp 0 0 *:auth *:*
LISTEN 396/identd
- Opened ports : tcp 0 0 *:sunrpc *:*
LISTEN 325/portmap
- Opened ports : udp 0 0 *:10000 *:*
818/perl
- Opened ports : udp 0 0 *:sunrpc *:*
325/portmap
- Closed ports : tcp 0 0 *:6000 *:*
LISTEN 942/X
- Closed ports : tcp 0 0 *:8021 *:*
LISTEN 684/python
- Closed ports : tcp 0 0 *:10000 *:*
LISTEN 854/perl
- Closed ports : tcp 0 0 *:mysql *:*
LISTEN 778/mysqld
- Closed ports : tcp 0 0 *:www *:*
LISTEN 711/httpd
- Closed ports : tcp 0 0 *:smtp *:*
LISTEN 665/master
- Closed ports : tcp 0 0 *:printer *:*
LISTEN 542/lpd
- Closed ports : tcp 0 0 *:617 *:*
LISTEN 530/nlservd
- Closed ports : tcp 0 0 *:gds_db *:*
LISTEN 520/inetd
- Closed ports : tcp 0 0 *:pop3 *:*
LISTEN 520/inetd
- Closed ports : tcp 0 0 *:auth *:*
LISTEN 458/identd
- Closed ports : tcp 0 0 *:sunrpc *:*
LISTEN 387/portmap
- Closed ports : udp 0 0 *:10000 *:*
854/perl
- Closed ports : udp 0 0 *:sunrpc *:*
387/portmap
>From [EMAIL PROTECTED] Fri Oct 6 04:02:25 2000
Status: R
>From nobody Fri Oct 6 04:02:25 2000
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
Received: by localhost.localdomain (Postfix, from userid 0)
id E9C27C11A; Fri, 6 Oct 2000 04:02:25 -0400 (EDT)
To: [EMAIL PROTECTED]
Subject: *** Security Check, Fri Oct 6 04:02:25 EDT 2000 ***
Message-Id: <[EMAIL PROTECTED]>
Date: Fri, 6 Oct 2000 04:02:25 -0400 (EDT)
From: [EMAIL PROTECTED] (root)
Security Warning: World Writeable files found :
- /etc/icalicense
- /home/darklord/office52/share/config/new/_05_text.url
- /home/darklord/office52/share/config/new/_10_sprd.url
- /home/darklord/office52/share/config/new/_15_pres.url
- /home/darklord/office52/share/config/new/_20_draw.url
- /home/darklord/office52/share/config/new/_25_sep.url
- /home/darklord/office52/share/config/new/_30_html.url
- /home/darklord/office52/share/config/new/_35_mail.url
- /home/darklord/office52/share/config/new/_40_fram.url
- /home/darklord/office52/share/config/new/_45_mstr.url
- /home/darklord/office52/share/config/new/_48_data.url
- /home/darklord/office52/share/config/new/_50_sep.url
- /home/darklord/office52/share/config/new/_55_chrt.url
- /home/darklord/office52/share/config/new/_60_img.url
- /home/darklord/office52/share/config/new/_65_for.url
- /home/darklord/office52/share/config/new/_67_lab.url
- /home/darklord/office52/share/config/new/_68_busi.url
- /home/darklord/office52/share/config/new/_70_sep.url
- /home/darklord/office52/share/config/new/_75_tpl.url
- /home/darklord/office52/share/config/wizard/_05_lttr.url
- /home/darklord/office52/share/config/wizard/_10_fax.url
- /home/darklord/office52/share/config/wizard/_15_agnd.url
- /home/darklord/office52/share/config/wizard/_20_memo.url
- /home/darklord/office52/share/config/wizard/_25_sep.url
- /home/darklord/office52/share/config/wizard/_30_pres.url
- /home/darklord/office52/share/config/wizard/_35_sep.url
- /home/darklord/office52/share/config/wizard/_40_web.url
- /home/darklord/office52/share/config/wizard/_45_sep.url
- /home/darklord/office52/share/config/wizard/_50_tabl.url
- /home/darklord/office52/share/config/wizard/_55_rprt.url
- /home/darklord/office52/share/config/wizard/_60_form.url
- /home/darklord/office52/share/config/wizard/_65_qury.url
- /home/darklord/office52/share/config/wizard/_70_sep.url
- /home/darklord/office52/share/config/wizard/_75_msi.url
- /home/darklord/office52/share/config/wizard/_80_iset.url
- /home/darklord/office52/share/config/wizard/_85_euro.url
- /tmp
- /tmp/.X11-unix
- /tmp/.X11-unix/X0
- /tmp/.font-unix
- /tmp/.font-unix/fs-1
- /usr/knox/log/nlpc.lck
- /usr/knox/log/nlpc.lg1
- /usr/lib/ViaVoice
- /usr/lib/ViaVoice/bin
- /usr/lib/ViaVoice/bin/buildpol
- /usr/lib/ViaVoice/bin/convuser
- /usr/lib/ViaVoice/bin/fsgenum
- /usr/lib/ViaVoice/bin/fsgprint
- /usr/lib/ViaVoice/bin/fsgtest
- /usr/lib/ViaVoice/bin/vtbnfc
- /usr/lib/ViaVoice/include
- /usr/lib/ViaVoice/include/smapi.h
- /usr/lib/ViaVoice/include/smargs.h
- /usr/lib/ViaVoice/include/smcallb.h
- /usr/lib/ViaVoice/include/smcomm.h
- /usr/lib/ViaVoice/include/smlimits.h
- /usr/lib/ViaVoice/include/smmsg.h
- /usr/lib/ViaVoice/include/smrc.h
- /usr/lib/ViaVoice/include/vtbnfc.h
- /usr/lib/ViaVoice/samples
- /usr/lib/ViaVoice/samples/Makefile
- /usr/lib/ViaVoice/samples/audio
- /usr/lib/ViaVoice/samples/audio/audbase.c
- /usr/lib/ViaVoice/samples/audio/audoss
- /usr/lib/ViaVoice/samples/audio/audoss/Makefile
- /usr/lib/ViaVoice/samples/audio/audoss/audoss.c
- /usr/lib/ViaVoice/samples/audio/audoss/audoss.exp
- /usr/lib/ViaVoice/samples/audio/audoss/audoss.so
- /usr/lib/ViaVoice/samples/audio/inc
- /usr/lib/ViaVoice/samples/audio/inc/audbase.h
- /usr/lib/ViaVoice/samples/audio/inc/audrtns.h
- /usr/lib/ViaVoice/samples/audio/inc/logging.h
- /usr/lib/ViaVoice/samples/audiog
- /usr/lib/ViaVoice/samples/audiog/AudioGuru
- /usr/lib/ViaVoice/samples/audiog/Makefile
- /usr/lib/ViaVoice/samples/audiog/audiog
- /usr/lib/ViaVoice/samples/audiog/audiosetup.xpm
- /usr/lib/ViaVoice/samples/audiog/dialog.c
- /usr/lib/ViaVoice/samples/audiog/global.h
- /usr/lib/ViaVoice/samples/audiog/main.c
- /usr/lib/ViaVoice/samples/audiog/record.c
- /usr/lib/ViaVoice/samples/audiog/smartlaw.wav
- /usr/lib/ViaVoice/samples/audiog/vacompl.wav
- /usr/lib/ViaVoice/samples/audiog/volume.c
- /usr/lib/ViaVoice/samples/audiog/welcome.c
- /usr/lib/ViaVoice/samples/audiolib
- /usr/lib/ViaVoice/samples/audiolib/audsetup.h
- /usr/lib/ViaVoice/samples/audiolib/libaud.so
- /usr/lib/ViaVoice/samples/audiolib/mictype.h
- /usr/lib/ViaVoice/samples/bldpools
- /usr/lib/ViaVoice/samples/bldpools/Makefile
- /usr/lib/ViaVoice/samples/bldpools/README
- /usr/lib/ViaVoice/samples/bldpools/poolsam.lst
- /usr/lib/ViaVoice/samples/bldpools/poolsam.pbsp
- /usr/lib/ViaVoice/samples/bldpools/poolsam.pol
- /usr/lib/ViaVoice/samples/calctrl
- /usr/lib/ViaVoice/samples/calctrl/CalCtrl.ad
- /usr/lib/ViaVoice/samples/calctrl/Makefile
- /usr/lib/ViaVoice/samples/calctrl/calctrl
- /usr/lib/ViaVoice/samples/calctrl/calctrl.c
- /usr/lib/ViaVoice/samples/calctrl/calctrl.o
- /usr/lib/ViaVoice/samples/calctrl/calexpression.bnf
- /usr/lib/ViaVoice/samples/calctrl/calexpression.fsg
- /usr/lib/ViaVoice/samples/calctrl/calexpression.fst
- /usr/lib/ViaVoice/samples/calctrl/enmic2.xpm
- /usr/lib/ViaVoice/samples/calctrl/enmic3.xpm
- /usr/lib/ViaVoice/samples/calctrl/numbers.bnf
- /usr/lib/ViaVoice/samples/calctrl/runcalctrl
- /usr/lib/ViaVoice/samples/dwplus
- /usr/lib/ViaVoice/samples/dwplus/Dwf.ad
- /usr/lib/ViaVoice/samples/dwplus/Makefile
- /usr/lib/ViaVoice/samples/dwplus/ascdw
- /usr/lib/ViaVoice/samples/dwplus/ascgui.c
- /usr/lib/ViaVoice/samples/dwplus/ascgui.o
- /usr/lib/ViaVoice/samples/dwplus/dmacros.c
- /usr/lib/ViaVoice/samples/dwplus/dmacros.h
- /usr/lib/ViaVoice/samples/dwplus/dmacros.o
- /usr/lib/ViaVoice/samples/dwplus/dmacros.txt
- /usr/lib/ViaVoice/samples/dwplus/dw.c
- /usr/lib/ViaVoice/samples/dwplus/dw.h
- /usr/lib/ViaVoice/samples/dwplus/dw.o
- /usr/lib/ViaVoice/samples/dwplus/gtkdw
- /usr/lib/ViaVoice/samples/dwplus/gtkgui.c
- /usr/lib/ViaVoice/samples/dwplus/gtkgui.o
- /usr/lib/ViaVoice/samples/dwplus/guifns.h
- /usr/lib/ViaVoice/samples/dwplus/runasc
- /usr/lib/ViaVoice/samples/dwplus/rungtk
- /usr/lib/ViaVoice/samples/dwplus/runtif
- /usr/lib/ViaVoice/samples/dwplus/tifdw
- /usr/lib/ViaVoice/samples/dwplus/tifgui.c
- /usr/lib/ViaVoice/samples/dwplus/tifgui.o
- /usr/lib/ViaVoice/samples/gramsam
- /usr/lib/ViaVoice/samples/gramsam/Gramsam.ad
- /usr/lib/ViaVoice/samples/gramsam/Makefile
- /usr/lib/ViaVoice/samples/gramsam/gramsam
- /usr/lib/ViaVoice/samples/gramsam/gramsam.bnf
- /usr/lib/ViaVoice/samples/gramsam/gramsam.c
- /usr/lib/ViaVoice/samples/gramsam/gramsam.fsg
- /usr/lib/ViaVoice/samples/gramsam/rungramsam
- /usr/lib/ViaVoice/samples/gtkhello
- /usr/lib/ViaVoice/samples/gtkhello/Makefile
- /usr/lib/ViaVoice/samples/gtkhello/gtkhello
- /usr/lib/ViaVoice/samples/gtkhello/gtkhello.c
- /usr/lib/ViaVoice/samples/gtkhello/rungtkhello
- /usr/lib/ViaVoice/samples/hello
- /usr/lib/ViaVoice/samples/hello/Hello.ad
- /usr/lib/ViaVoice/samples/hello/Makefile
- /usr/lib/ViaVoice/samples/hello/hello
- /usr/lib/ViaVoice/samples/hello/hello.c
- /usr/lib/ViaVoice/samples/hello/runhello
- /usr/lib/ViaVoice/samples/samples.mak
- /usr/local/interbase/isc4.gdb
- /usr/share/apps/kpacman/highScore
- /var/lib/ICAClient/cache
- /var/lib/cddb
- /var/lib/games/trojka.scores
- /var/lib/games/xboing.score
- /var/lib/games/xjewel.scores
- /var/lib/games/xtrojka.score
- /var/lib/mysql/mysql.sock
- /var/lib/svgalib
- /var/lib/texmf
- /var/lib/texmf/ls-R
- /var/lock/xemacs
- /var/run/pcgi.soc
- /var/spool/fax/outgoing
- /var/spool/fax/outgoing/locks
- /var/spool/postfix/maildrop
- /var/spool/postfix/private/bounce
- /var/spool/postfix/private/bsmtp
- /var/spool/postfix/private/cleanup
- /var/spool/postfix/private/cyrus
- /var/spool/postfix/private/defer
- /var/spool/postfix/private/error
- /var/spool/postfix/private/ifmail
- /var/spool/postfix/private/local
- /var/spool/postfix/private/rewrite
- /var/spool/postfix/private/smtp
- /var/spool/postfix/private/uucp
- /var/spool/postfix/public/pickup
- /var/spool/postfix/public/qmgr
- /var/spool/postfix/public/showq
- /var/spool/samba
- /var/spool/slrnpull/out.going
- /var/tmp
Security Warning: these home directory should not be owned by someone else or
writeable :
user=zope(103) : home directory is group writeable.
These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 *:6000 *:* LISTEN 2441/X
tcp 0 0 *:8021 *:* LISTEN
622/python
tcp 0 0 *:10000 *:* LISTEN
818/perl
tcp 0 0 *:mysql *:* LISTEN
729/mysqld
tcp 0 0 *:www *:* LISTEN
649/httpd
tcp 0 0 *:smtp *:* LISTEN
603/master
tcp 0 0 *:printer *:* LISTEN
480/lpd
tcp 0 0 *:617 *:* LISTEN
468/nlservd
tcp 0 0 *:gds_db *:* LISTEN
458/inetd
tcp 0 0 *:pop3 *:* LISTEN
458/inetd
tcp 0 0 *:auth *:* LISTEN
396/identd
tcp 0 0 *:sunrpc *:* LISTEN
325/portmap
udp 0 0 *:10000 *:*
818/perl
udp 0 0 *:sunrpc *:*
325/portmap
raw 0 0 *:icmp *:* 7 -
raw 0 0 *:tcp *:* 7 -
