> Hello all, > > Looking through my mail log I noticed some strange flagged entries. > These were. > > > sendmail[6056]: h7MB8Ucu006055: forward /root/.forward.Unimatrix0: > Permission denied > > sendmail[6056]: h7MB8Ucu006055: forward /root/.forward: Permission > denied > > from what I have read about on the subject I understand that a .forward > file is used to forward mail to another host, what is puzzling me is > that I have never created a root/.forward file, nor have I requested for > any mail to be forwarded by any other means. > > I was wondering if anyone out there knew the sort of thing that could > cause this, as I don't know if its a malicious attempt to forward my > mail or if i have simply mis-configured something. > > > Thanks in advance, > Adam Bowns
Are you really sure you haven't created a .forward file in /root? Perhaps you used a vacation program at some point? The first thing I'd do is disconnect your box from the internet. Next open the .forward file and see what's in it. Hopefully, that will jog your memory. If it still doesn't look like something you've done then you have to assume your system has been broken into. You might want to run chkrootkit on your system. It will do a pretty thorough job of checking for rootkits that may have been installed. However, once someone has gotten in the only proper alternative is to reload you box. What version of OS are you running? Have you been keeping up with all the security patches? Gerry -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list
