On Wednesday 23 April 2003 22:42, Thomas Jones wrote:
Looks like a sendmail installation.
heh
The /var/spool/mqueue directory is part of Base Operating System (BOS) Runtime.
Yeah? My copy of the OS/400 V4R3 manual leaves that directory undefined.
Check that this directory is mode 0x700 and UID is 0; as well as the GID 0. This is the default permission configuration of sendmail. Find it out via the -n switch of the ls command(for numeric format).
Also, check that this is indeed the queue directory as defined by "Q" in the sendmail.cf configuration file.
What if it isn't? Send the hacker to a sendmail configuration seminar?
If this happened to be "hacker" of sorts, he must have altered various system files.
i.e. a hacked-up /dev/null
Otherwise, he would not be able to remotely login. /dev/null doesn't return very many prompts to a tty. ;)
That's right, if he logs in as root he cannot create another user account with /dev/null as $HOME because then he wouldn't be able to log in as root again.
Thomas Jones Linux-Howtos Administrator
Hmmmm