Michael Appeldorn wrote on Thursday, 7 February 2002, 13:35:
> So what? You wrote your system crashed; the logfile was not closed properly.
The system crashed when I tried to open an xterm, but not an hour ago. I'm running ext3, and IMHO if there were messages they should have found their way onto the HD, shouldn't they?
> ACK. That's why you should mask your IP even when you post logs to a list.
Well, that was really a bad idea, but as long as the name of my computer is listed in the news header (NNTP-Posting-Host), people will have an address to connect to. So should I manipulate my header so that it shows something else?
>> After that I changed "Protocol" in sshd_config to 2 (was 2,1 before), even though it is said here that this ssh version is as
> Too late!
So all comments about how secure openssh2.9.9p2-74 is are nonsense?
> My guesses for ssh: you installed an update with rpm -i instead of rpm -u, or a script such as harden_suse changed attributes.
I used YOU to get the most "up-to-date" (as SuSE calls it) packages. Whenever I update an rpm package manually, I use the -u option. Hopefully YOU does the same...
> By the way, it's ssh, not sshd. An attacker would exchange the daemon to get in.
Yes, that's clear. I first checked openssh.rpm, as sshd is part of this package.
> If you think it's not only paranoia, then check this URL for forensic analysis.
Is it a question of paranoia? Are there no ways to ensure that the system is clean while keeping it alive? In evidence.txt they checked the md5sums of the installed packages. Which database do they use as reference? When I check all binaries as recently described, there is still the possibility that the rpm database is corrupted itself, isn't it? Or is the result that the md5sums of all the binaries were OK sufficient to declare this system clean?

Greetings
Torsten
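An added example from the editor, not code from the thread or from any SuSE tool: the kind of check Torsten is asking about, done against a reference manifest that is built on a known-clean installation and kept off the suspect host, so that an attacker who can rewrite the host's rpm database (or replace the rpm binary) cannot also rewrite the reference. The file tree, file names and contents are constructed for the demonstration; it assumes GNU coreutils (md5sum, find, sort, comm, mktemp, awk, sed).

```shell
#!/bin/sh
# Editor's added example, not code from the thread.
# Integrity check of a file tree against a manifest stored OFF the
# suspect host (CD-R, second machine), so the reference cannot be
# edited along with /var/lib/rpm.
# Assumes GNU coreutils: md5sum, find, sort, comm, mktemp, awk, sed.
# All file names and contents below are constructed for the demo.

# build_manifest DIR
# Print "md5sum  path" for every regular file under DIR, sorted by path.
# Run this on a known-clean installation and keep the output read-only
# somewhere the host cannot write to.
build_manifest() {
    find "$1" -type f -exec md5sum {} + | LC_ALL=C sort -k2
}

# verify_manifest MANIFEST DIR
# Return 0 only if every listed file is unchanged AND no unlisted regular
# file has appeared under DIR. Prints one line per finding.
verify_manifest() {
    manifest=$1
    dir=$2
    rc=0

    # 1. Modified or deleted files: md5sum -c prints "path: FAILED" for
    #    both cases and returns non-zero.
    if ! md5sum -c --quiet "$manifest"; then
        rc=1
    fi

    # 2. Files present on disk but absent from the manifest (a planted
    #    binary, a rootkit). md5sum -c cannot see these, so compare the
    #    manifest's path column (starts at column 35: 32 hex digits plus
    #    two spaces) against a fresh listing of the tree.
    listed=$(mktemp)
    found=$(mktemp)
    extra=$(mktemp)
    awk '{ print substr($0, 35) }' "$manifest" | LC_ALL=C sort > "$listed"
    find "$dir" -type f | LC_ALL=C sort > "$found"
    comm -13 "$listed" "$found" > "$extra"
    if [ -s "$extra" ]; then
        sed 's/$/: NOT IN MANIFEST/' "$extra"
        rc=1
    fi
    rm -f "$listed" "$found" "$extra"
    return $rc
}

# demo_tamper_detection
# Builds a tiny constructed "system" tree, records its manifest, then
# swaps one daemon and plants one hidden file. Returns 0 when the clean
# tree passes and the tampered tree is flagged.
demo_tamper_detection() {
    work=$(mktemp -d)
    mkdir -p "$work/sbin" "$work/bin"
    printf 'pristine sshd\n' > "$work/sbin/sshd"
    printf 'pristine ls\n'   > "$work/bin/ls"

    # The reference lives outside the tree it describes (stands in for
    # the CD-R or the second machine).
    ref="$work.manifest"
    build_manifest "$work" > "$ref"

    # A clean tree must pass.
    verify_manifest "$ref" "$work" || { rm -rf "$work" "$ref"; return 2; }

    printf 'trojaned sshd\n' > "$work/sbin/sshd"   # attacker exchanges the daemon
    printf 'rootkit\n'       > "$work/bin/.hidden" # attacker plants a file

    # Both changes must be reported; a pass here means the check is blind.
    if verify_manifest "$ref" "$work"; then
        rm -rf "$work" "$ref"
        return 3
    fi
    rm -rf "$work" "$ref"
    return 0
}

demo_tamper_detection && echo "tampering detected as expected"
```

The RPM-native forms of the same check are `rpm -Va` (verifies installed files against the local rpm database, which is exactly the database a root-level intruder can edit), `rpm -Vp <package file>` (verifies against the file list in a pristine .rpm rather than the database) and `rpm -K <package file>` (checks the package signature). Whichever is used, running it on the suspect host means trusting that host's rpm, libc and kernel; the manifest approach above has the same weakness unless the disk is mounted read-only from a clean system and the check is run from there.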