hehehehe... funny this should come up right now. I am reading the tripwire
2.2.1 documentation right now.
Any other suggestions? I am trying to decide how to leverage my CDRW drive
on another machine to create information that can be read-only for the
server. Maybe the tripwire database or som
From: "John W. Lemons III" <[EMAIL PROTECTED]>
Date: Wed, 5 Apr 2000 15:02:57 -0500
>Also, if you're running Red Hat, you might want to use rpm to verify all
>packages against the installation CD.
I did that, and very little asside from a large chunk of /etc came up
different.
John W. Lemons III <[EMAIL PROTECTED]> wrote:
> >Good. Now check for all the other places it could be in :>
>
> I did an ls -alR | grep... and it came up clean.
>
> >1. Modify the rc start up scripts to create a setuid shell
> > somewhere.
>
> clean...
Except that a bad guy who had root
>If you're running a Red Hat system, that was probably put there by
>linuxconf itself, which is probably running out of a startup entry like
>/etc/rc.d/rc3.d/S99linuxconf -> ../init.d/linuxconf. In which case, it's
>not cause for alarm.
I think you are right, since I checked into its security, an
At 4/5/2000 02:41 PM -0500, John W. Lemons III wrote or quoted:
>just found this appended to the last line of the file, right after the
>qmail entry I had installed the night before:
> linuxconf stream tcp wait root /bin/linuxconf linuxconf --http
>
>I certainly don't remember putting it there
>Good. Now check for all the other places it could be in :>
I did an ls -alR | grep... and it came up clean.
>1. Modify the rc start up scripts to create a setuid shell
> somewhere.
clean...
>2. Create a root cron that does the same.
also clean. I checked all the cron jobs aft
On Wed, Apr 05, 2000 at 02:00:39PM -0500, John W. Lemons III wrote:
> >Start over. You'll never know whether they've left a re-exploitable program
> on your
> >system somewhere. Have you checked for /usr/lib/math/fp/.setuid-root-shell?
>
> No
Good. Now check for all the other places it could be
>Start over. You'll never know whether they've left a re-exploitable program
on your
>system somewhere. Have you checked for /usr/lib/math/fp/.setuid-root-shell?
No, it doesn't appear to exist, but since the system has been compromised,
who really knows? :/
On Wed, Apr 05, 2000 at 01:17:25PM -0500, John W. Lemons III wrote:
> Thanks to all that have replied, but I think I've found the culprit.
> I've been hacked using a "known" BIND weakness. (Unknown to me!)
> So, any way, I'll be cleaning up that mess this afternoon. :/
>
> Anyone know if its sa
Unfortunately, plugging every hole can be more difficult then starting
over. Plus, you'll always wonder.
It's best to just start clean, and dont plug in the network until you get
every hole patched.
On Wed, 5 Apr 2000, John W. Lemons III wrote:
>Thanks to all that have replied, but I think I've
Thanks to all that have replied, but I think I've found the culprit.
I've been hacked using a "known" BIND weakness. (Unknown to me!)
So, any way, I'll be cleaning up that mess this afternoon. :/
Anyone know if its safe to just verify/re-install the RPMs from CD, or
should I wipe it and start o
e-
> From: John W. Lemons III [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, April 04, 2000 4:43 PM
> To: qmail list
> Subject: RE: network connection dies randomly?
>
> >I installed and configured QMail on Friday of last week. It passed all
> the
>
>
>
John W. Lemons III <[EMAIL PROTECTED]> wrote:
>
> >What makes you think it's the DSL connection that is "hanging"?
> >Or are you saying that "from my Linux box I can no longer send or receive
> >any packets". If so, could it simply be a problem with the Linux box and
> qmail?
> Its the best way
John W. Lemons III <[EMAIL PROTECTED]> wrote on Tue, 04 Apr 2000:
> Another detail that may help... When the connection appears hung,
> netstat -r
> hangs before it reports the default route. I can't even kill it. Is the
> routing table getting hosed? If so, how?
Usually when "netstat -r" app
(sorry for the duplicate makrd, I forgot to add the qmail list to the to:
field)
>What makes you think it's the DSL connection that is "hanging"?
>Or are you saying that "from my Linux box I can no longer send or receive
>any packets". If so, could it simply be a problem with the Linux box and
qm
>I installed and configured QMail on Friday of last week. It passed all the
Another detail that may help... When the connection appears hung,
netstat -r
hangs before it reports the default route. I can't even kill it. Is the
routing table getting hosed? If so, how? Also, pump sometimes bri
On Tue, Apr 04, 2000 at 03:30:57PM -0500, John W. Lemons III wrote:
> I installed and configured QMail on Friday of last week. It passed all the
> test, and seemed to work perfectly. Perhaps coincidently, my DSL connection
> started hanging randomly the same night. At first, I assumed it was ju
I installed and configured QMail on Friday of last week. It passed all the
test, and seemed to work perfectly. Perhaps coincidently, my DSL connection
started hanging randomly the same night. At first, I assumed it was just a
glitch, and I re-set the connection. After doing this several time,
18 matches
Mail list logo