On Thu, Mar 10, 2005 at 01:35:19PM -0600, Henry Tang wrote:
Thanks a lot for the info.
I will run that. I looked at my mail log and only two emails were sent out, and both got bounced, unless the mail log got cleaned. Luckily this is just some home server for fun, so nothing important, but I would like to figure out what happened.
henry
Randall R Schulz wrote:
Henry,
On Thursday 10 March 2005 11:18, Henry Tang wrote:
The example I gave is bad. It is more like this:
http://www.derkeiler.com/Newsgroups/comp.os.linux.security/2003-06/0473.html
I didn't want to post the email my server was trying to send out because it includes the /etc/passwd file, so I posted examples I found on the net. Apparently root tried to send out a couple of emails to unknown users at Yahoo and other email addresses as well. The email was bounced and that is how I found out. :( I am not in the competition. :(
LOL, ummm, when a mail tries sending the passwd file to another mail addy... I think it's time to learn a little about security. First, is the machine updated when patches get released? Is the firewall up? Are you running services you don't actually need? Those are my first guesses. Next up: do you run as root a lot? This is the most common problem for home users. Next up, start looking in /dev; there could be hidden things there. But I only recommend this if you are positive you won't screw up.
Are you running RootKit Hunter? If not, you should. You stand a good chance of knowing promptly when someone has established a toehold on your system.
One regular participant here, Patrick Shanahan, kindly provides up-to-date builds in RPM form.
To wit:
-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
On Tuesday 22 February 2005 05:21, Patrick Shanahan wrote:
rkhunter-1.2.1-1.noarch.rpm is available for download:
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.noarch.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1-1.src.rpm
http://wahoo.no-ip.org/~pat/rkhunter-1.2.1.tar.gz
Project description: Rootkit Hunter scans files and systems for known and unknown rootkits, backdoors, and sniffers. The package contains one shell script, a few text-based databases, and optional Perl modules. It should run on almost every Unix clone.
The changes in this release are as follows: This release adds support for Mandrake 8.1, FreeBSD 5.3, and Slackware 10.1. It has support for Fink, updated MD5 hashes, updated packages, improved logging, improved output, and several bugfixes.
Release focus: 5 - Minor feature enhancements
Changelog
Below is the changelog of Rootkit Hunter. It will contain changes of early released versions and the active development version.
Current public version: 1.2.1
Current development version: 1.2.2 (not available yet)
-==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-
To find the full post, search for the subject "[SLE] rkhunter-1.2.1-1.noarch.rpm available" in the February 2005 archive.
... henry
Randall Schulz
--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com
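The checks the thread suggests (look for things hiding in /dev, look at what root has been mailing out, and look for extra root-level accounts), written up as a small triage script. This is an added example; it is not code from the thread, from rkhunter, or from any of the posters. It assumes a sendmail-style mail log ("to=..., ctladdr=user (uid/gid), ...") and runs against a constructed fixture whose files and log lines are invented for the example; the paths are parameters, so the same functions can be pointed at /dev, /etc/passwd and a real mail log.

```shell
#!/bin/sh
# Added example (not code from the thread, from rkhunter, or from any of the
# posters): a small triage script for the checks suggested above. It looks
# for regular files hiding under /dev, for UID-0 accounts other than root,
# and for mail that root sent off-host, which is what gave this intrusion
# away. All paths are parameters, so the script runs against a constructed
# fixture; point the functions at /dev, /etc/passwd and your real mail log
# to run them on a live box. The mail log format is assumed to be
# sendmail-style ("to=..., ctladdr=user (uid/gid), ...").

# hidden_files_in_dev DEVDIR: print every regular file below DEVDIR. A /dev
# tree holds device nodes, symlinks and directories; a regular file there
# (a sniffer log, a rootkit config, a dot-directory) deserves a look.
hidden_files_in_dev() {
    find "$1" -type f 2>/dev/null
}

# extra_uid0_accounts PASSWD: print accounts whose UID is 0 but whose name
# is not root (a classic backdoor account).
extra_uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# root_mail_to_outside MAILLOG: print delivery lines where the sending user
# (ctladdr) is root and the recipient is not a local address.
root_mail_to_outside() {
    grep 'ctladdr=root' "$1" | grep ' to=' | grep -v 'to=[^,@]*@localhost'
}

# count: print the number of lines on stdin (0 for empty input; unlike
# "wc -l" the result is never padded with spaces).
count() {
    awk 'END { print NR }'
}

# make_fixture: build a constructed fixture tree in a temporary directory
# and print its path. Every file and log line here is invented.
make_fixture() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/dev/.hidden" "$d/dev/pts" "$d/etc" "$d/var/log"
    ln -s /dev/null "$d/dev/fd0"                 # symlinks are not flagged
    : > "$d/dev/.hidden/sniff.log"              # regular file in a dot dir
    : > "$d/dev/ttyS4.conf"                     # regular file with an odd name
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/bin/false' \
        'henry:x:500:100:Henry:/home/henry:/bin/bash' \
        'toor:x:0:0::/:/bin/sh' > "$d/etc/passwd"
    printf '%s\n' \
        'Mar 10 13:35:01 home sendmail[4211]: j2AJZ1xx004211: from=root, size=1478, class=0, nrcpts=1, relay=root@localhost' \
        'Mar 10 13:35:02 home sendmail[4213]: j2AJZ1xx004211: to=someuser@yahoo.com, ctladdr=root (0/0), delay=00:00:01, mailer=esmtp, relay=mx1.mail.yahoo.com., dsn=5.1.1, stat=User unknown' \
        'Mar 10 13:35:02 home sendmail[4215]: j2AJZ2xx004215: to=root@localhost, ctladdr=root (0/0), delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent' \
        'Mar 10 13:36:10 home sendmail[4220]: j2AJa0xx004220: to=bob@example.net, ctladdr=root (0/0), delay=00:00:01, mailer=esmtp, relay=mail.example.net., dsn=5.1.1, stat=User unknown' \
        'Mar 10 14:00:00 home sendmail[4300]: j2AK00xx004300: to=henry@localhost, ctladdr=henry (500/100), delay=00:00:00, mailer=local, dsn=2.0.0, stat=Sent' \
        > "$d/var/log/mail"
    echo "$d"
}

FIXTURE=$(make_fixture) || exit 1
echo "== regular files under $FIXTURE/dev =="
hidden_files_in_dev "$FIXTURE/dev"
echo "== UID-0 accounts besides root =="
extra_uid0_accounts "$FIXTURE/etc/passwd"
echo "== mail root sent off-host =="
root_mail_to_outside "$FIXTURE/var/log/mail"
rm -rf "$FIXTURE"
```

Against the fixture the script flags the two regular files under dev/, the "toor" account, and the two bounced deliveries root attempted to yahoo.com and example.net while ignoring the local ones. None of these checks replaces a real rootkit scanner; a kernel-level rootkit can hide files from find and entries from grep, which is why the thread's advice to run rkhunter (and, ideally, to inspect the disk from a clean boot medium) still stands.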