Henry,

On Thursday 10 March 2005 11:18, Henry Tang wrote:
The example I gave is bad. It is more like this:
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/0473.html
I didn't want to post the email my server was trying to send out because it includes the /etc/passwd file, so I posted examples I found on the net. Apparently root tried to send out a couple of emails to unknown users of yahoo and other email addresses as well. The email was bounced and that is how I found out. :( I am not in the competition. :(
Are you running RootKit Hunter? If not, you should. You stand a good chance of knowing promptly when someone has established a toehold on your system. One regular participant here, Patrick Shanahan, kindly provides up-to-date builds in RPM form. To wit:

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-

On Tuesday 22 February 2005 05:21, Patrick Shanahan wrote:
rkhunter-1.2.1-1.noarch.rpm is available for download:
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.noarch.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.src.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1.tar.gz
Project description: Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
The changes in this release are as follows: This release adds support for Mandrake 8.1, FreeBSD 5.3, and Slackware 10.1. It has support for Fink, updated MD5 hashes, updated packages, improved logging, improved output, and several bugfixes.
Release focus: 5 - Minor feature enhancements
Changelog
Below is the changelog of Rootkit Hunter. It will contain changes of early released versions and the active development version.
Current public version: 1.2.1
Current development version: 1.2.2 (not available yet)

-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
To find the full post, search for the subject "[SLE] rkhunter-1.2.1-1.noarch.rpm available" in the February 2005 archive.
... henry
Randall Schulz
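
The symptom described in this thread (mail sent as root to outside addresses, noticed only because it bounced) can also be looked for directly in the mail log. The following is an added example, not part of the original messages and not rkhunter code; it assumes Postfix-style syslog lines, and the host names, addresses, queue IDs and the function name `root_mail_to_outside` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix syslog format (an assumption; the thread
# does not say which mail server was in use). Hosts and addresses are made up.
SAMPLE_LOG = """\
Mar 10 09:58:01 box postfix/qmgr[811]: 1A2B3C4D5E: from=<root@box.example.lan>, size=512, nrcpt=1 (queue active)
Mar 10 09:58:01 box postfix/local[902]: 1A2B3C4D5E: to=<admin@box.example.lan>, relay=local, delay=0, status=sent (delivered to mailbox)
Mar 10 10:02:11 box postfix/qmgr[811]: 3F2A11C0B5: from=<root@box.example.lan>, size=2345, nrcpt=1 (queue active)
Mar 10 10:02:13 box postfix/smtp[940]: 3F2A11C0B5: to=<nobody123@yahoo.example>, relay=mx.yahoo.example[192.0.2.10], delay=2, status=bounced (user unknown)
Mar 10 10:05:40 box postfix/qmgr[811]: 77AA00BB11: from=<alice@box.example.lan>, size=900, nrcpt=1 (queue active)
Mar 10 10:05:42 box postfix/smtp[951]: 77AA00BB11: to=<bob@partner.example>, relay=mx.partner.example[192.0.2.20], delay=2, status=sent (250 ok)
"""

LINE = re.compile(r"postfix/\w+\[\d+\]: (?P<qid>[0-9A-F]+): (?P<rest>.*)")
FROM = re.compile(r"from=<(?P<addr>[^>]*)>")
TO = re.compile(r"to=<(?P<addr>[^>]*)>.*?status=(?P<status>\w+)")

def root_mail_to_outside(log_text, local_domains, sender_user="root"):
    """Return [(queue_id, sender, recipient, status)] for mail sent by
    sender_user to any domain not listed in local_domains."""
    # Sender and recipients are logged on separate lines; the queue ID joins them.
    senders = {}
    deliveries = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.group("qid"), m.group("rest")
        f = FROM.match(rest)
        if f:
            senders[qid] = f.group("addr").lower()
            continue
        t = TO.match(rest)
        if t:
            deliveries[qid].append((t.group("addr").lower(), t.group("status")))
    local = {d.lower() for d in local_domains}
    hits = []
    for qid, sender in senders.items():
        if sender.partition("@")[0] != sender_user:
            continue
        for rcpt, status in deliveries.get(qid, []):
            if rcpt.rpartition("@")[2] not in local:
                hits.append((qid, sender, rcpt, status))
    return hits

if __name__ == "__main__":
    for hit in root_mail_to_outside(SAMPLE_LOG, {"box.example.lan"}):
        print("suspicious:", *hit)
```

Run against a real log, pass the file's contents and the set of domains the host legitimately delivers to; routine root mail to local recipients (cron reports and the like) is not reported.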