Hi
21.07.2010 14:39, Sergey Spiridonov пишет:
> I found yesterday that some files in /etc/ (/etc/shells and
> /etc/default/default/schroot) are changed. They contain data which I was
> typing on keyboard. Strange enough, this files are not overwritten, but
> contain data they should contain + some
On Wed, Jul 28, 2010 at 4:44 AM, Sergey Spiridonov <
sergey.spirido...@gmail.com> wrote:
> However chkrootkit and fsck found no problem.
>
> What else can I check?
> --
> Best regards, Sergey Spiridonov
>
May be try smartctl test to check for hard drive errors?
Alexey
Hi
On 27.07.2010 00:09, Jordon Bedwell wrote:
On 7/26/10 5:05 PM, Sergey Spiridonov wrote:
# cryptsetup create md1-crypt /dev/md1
# pvdisplay /dev/mapper/crypt-md1
No physical volume label read from /dev/mapper/md1-crypt
Failed to read physical volume "/dev/mapper/md1-crypt"
I should probably
Hi
On 07/27/2010 02:38 AM, Rob Owens wrote:
You can apt-get install things in Knoppix. It'll just install it using
available RAM, and won't actually write it to the disk.
I did not have internet for some time at that machine. Now I get
internet and installed cryptsetup. But now I have anothe
On Sun, Jul 25, 2010 at 05:30:45PM -0500, Jordon Bedwell wrote:
> On 7/25/10 12:52 PM, Sergey Spiridonov wrote:
>> Hi
>>
>> I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
>> knoppix to mount and check my partitions with fsck and chkrootkit,
>> bevause latest knoppix (6.2.1) f
On 7/26/10 5:05 PM, Sergey Spiridonov wrote:
Hi
On 26.07.2010 00:51, Jordon Bedwell wrote:
Also, to add, if you plan on doing a cryptographic integrity check, you
need to do this from a liveCD not from a liveUSB. The only reason you
would do a liveUSB is for things like fsck and chkrootkit (whe
Hi
On 26.07.2010 00:51, Jordon Bedwell wrote:
Also, to add, if you plan on doing a cryptographic integrity check, you
need to do this from a liveCD not from a liveUSB. The only reason you
would do a liveUSB is for things like fsck and chkrootkit (where you
would mount as readonly at first)
I
On 7/25/10 5:30 PM, Jordon Bedwell wrote:
On 7/25/10 12:52 PM, Sergey Spiridonov wrote:
Hi
I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
knoppix to mount and check my partitions with fsck and chkrootkit,
bevause latest knoppix (6.2.1) for whatever reason does not include
On 7/25/10 12:52 PM, Sergey Spiridonov wrote:
Hi
I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
knoppix to mount and check my partitions with fsck and chkrootkit,
bevause latest knoppix (6.2.1) for whatever reason does not include
cryptsetup. :(
You can however use the
Hi
I ran memcheck 4.0, it showed no problem. Unfortunately I can not use
knoppix to mount and check my partitions with fsck and chkrootkit,
bevause latest knoppix (6.2.1) for whatever reason does not include
cryptsetup. :(
--
Best regards, Sergey Spiridonov
--
To UNSUBSCRIBE, email to debi
Hi
On 07/21/2010 11:51 PM, François TOURDE wrote:
I think memory is not the reason, because some time ago I get broken
/etc/shells file also on another machine, which is running Lenny.
If you are so confident, why asking here?
I am not confident and I will do this tests (just need to buy cd
Hi
On 07/21/2010 06:45 PM, Chris Davies wrote:
> For breakage of something as significant as /etc/shells, I'd prioritise
> investigations in that order. Memtest86+ is a no-brainer, so let it
> test your machine. Are you using a kernel that's got known issues with
> whatever filesystem you are us
Le 14811ième jour après Epoch,
Sergey Spiridonov écrivait:
> Hi
>
> On 07/21/2010 03:40 PM, Jochen Schulz wrote:
>
>> One possible reason: your memory is corrupt. Run memtest86 to check
>> that.
>
> I think memory is not the reason, because some time ago I get broken
> /etc/shells file also on ano
Sergey Spiridonov wrote:
> I think memory is not the reason, because some time ago I get broken
> /etc/shells file also on another machine, which is running Lenny.
Broken memory. Broken kernel (possibly but not necessarily the filesystem
driver). Hacked machine. Broken hardware.
For breakage of
On 07/21/2010 06:39 AM, Sergey Spiridonov wrote:
> I found yesterday that some files in /etc/ (/etc/shells and
> /etc/default/default/schroot) are changed. They contain data which I was
> typing on keyboard. Strange enough, this files are not overwritten, but
> contain data they should contain + so
Hi
On 07/21/2010 03:40 PM, Jochen Schulz wrote:
One possible reason: your memory is corrupt. Run memtest86 to check
that.
I think memory is not the reason, because some time ago I get broken
/etc/shells file also on another machine, which is running Lenny.
--
Best regards, Sergey Spiridono
Sergey Spiridonov:
>
> I found yesterday that some files in /etc/ (/etc/shells and
> /etc/default/default/schroot) are changed. They contain data which I
> was typing on keyboard. Strange enough, this files are not
> overwritten, but contain data they should contain + somewhere in the
> middle or
Hi
I found yesterday that some files in /etc/ (/etc/shells and
/etc/default/default/schroot) are changed. They contain data which I was
typing on keyboard. Strange enough, this files are not overwritten, but
contain data they should contain + somewhere in the middle or at the
beginning of the
On Thu, Jun 16, 2005 at 11:36:18AM -0400, Kevin B. McCarty wrote:
> Date: Thu, 16 Jun 2005 11:36:18 -0400
> From: "Kevin B. McCarty" <[EMAIL PROTECTED]>
> User-Agent: Debian Thunderbird 1.0.2 (X11/20050331)
> To: debian-user@lists.debian.org
> Subject: Re: Am I h
Michal Sedlak wrote:
But I thing bigger problem is this
--WARN-- [sig004w] None of the following versions of /bin/bash (-rwxr-xr-x)
matched the /bin/bash on this machine.
Linux 2.4.17
--WARN-- [sig004w] None of the following versions of /bin/login
(-rwsr-xr-x)
matched the /bin/login on thi
Michal Sedlak wrote:
> I am nearly sure that my server was hacked, but I want to be sure. Can
> anybody say me if it is true.
>
> Here is tiger script output. Do you have any ideas how to repair it {no mkfs
> funny stuff please}
> There are some line interesting. I have one for every critical s
AIL PROTECTED]>
To: "Michal Sedlak" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, June 16, 2005 7:07 AM
Subject: Re: Am I hacked?
Michal Sedlak a écrit :
Hi all,
I am nearly sure that my server was hacked, but I want to be sure. Can
anybody say me if it is true.
Here is tiger scri
On Thu, Jun 16, 2005 at 07:07:59AM +0200, Laurent CARON wrote:
> Login ID sashroot has uid == 0.
> --WARN-- [pass002w] UID 0 exists multiple times (2) in /etc/passwd.
> --WARN-- [pass012w] Home directory /root exists multiple times (2) in
> /etc/passwd.
>
> can you please post & copy of /etc/passw
Michal Sedlak a écrit :
Hi all,
I am nearly sure that my server was hacked, but I want to be sure. Can
anybody say me if it is true.
Here is tiger script output. Do you have any ideas how to repair it
{no mkfs funny stuff please}
There are some line interesting. I have one for every critical
Hi all,
I am nearly sure that my server was hacked, but I want to be sure. Can
anybody say me if it is true.
Here is tiger script output. Do you have any ideas how to repair it {no mkfs
funny stuff please}
There are some line interesting. I have one for every critical system
command like {log
Prolog: Running Debian Potato 2.2 r2 with most recent security updates from
the security servers. *Any* suggestions or comments welcome.
I was checking my RADIUS server logs...just for the fun of it :-) and came
across this in my setuid.changes line:
***
Le jeu, 25 jan 2001 13:47:17, cls/cs a écrit :
> debs,
>
> i just ran uptime on my single-user box connected to the office dsl
> pipe.
>
> it shows 3 users; and there's only one non-root account.
>
> 1. how do i find out who are the other 2 users?
>
> 2. does this mean that i've be hacked?
cls/cs <[EMAIL PROTECTED]> wrote:
>i just ran uptime on my single-user box connected to the office dsl pipe.
>
>it shows 3 users; and there's only one non-root account.
>
>1. how do i find out who are the other 2 users?
Type 'who'.
>2. does this mean that i've be hacked?
Chances are it's thr
man who
> -Original Message-
> From: Debian User [mailto:[EMAIL PROTECTED] Behalf Of cls/cs
> Sent: Thursday, January 25, 2001 6:47 AM
> To: debian-user@lists.debian.org
> Subject: am i hacked?
>
>
> debs,
>
> i just ran uptime on my single-user box co
debs,
i just ran uptime on my single-user box connected to the office dsl pipe.
it shows 3 users; and there's only one non-root account.
1. how do i find out who are the other 2 users?
2. does this mean that i've be hacked?
ia, t.
bentley taylor.
running: debian gnu/linux ( http://www.d
30 matches
Mail list logo