When I got hacked before and a rootkit was installed on my system, I saw
this same behavior.

My advice is to see if you can tell when the break-in happened and how
they did it.  If you are allowing telnet, rsh, or ftp then they most
likely just used a packet sniffer.  Otherwise RH6.2 has a security hole.

Back up all your data, reinstall from CDROM and only allow access to the
box through OpenSSH.  Use TCP wrappers to limit access to the servers
that should be accessing those services.  Use a firewall to limit what
crackers can see on your network.

Do not hook the box back up to the network yet.

On another box, there are hundreds of pages all around the internet
about securing your Linux install.  Read several of these and do what
they say.

Then and only then can you hook your computer to the network.

By the way, the rest of your boxes are probably also compromised as

> Bernard Mwenda wrote:
> Hi guys,
> I really need help on this one.
> I am using RH. 6.2 on my servers. Suddenly syslogd is not running on
> one of the servers. I have tried uninstalling and installing the rpm
> with no success. When I try looking at the running processes using the
> 'ps' command I get a "segmentation fault (core dumped)" error. I have
> tried increasing the size using "ulimit -c unlimited" but this also
> does not help.
> Anybody come across this problem before? How did you fix it?
> Bernard Mwenda,
> Systems Administrator,
> LCR Telecom (K) Ltd,

Redhat-devel-list mailing list
