On Wednesday 22 June 2005 09:56, Paul Grope wrote:
The only services running were Apache2 and SSH, configured out of the box.
Firewall configured out of the box.
Left the office at 7:30 pm.
From home, I logged in via ssh. That was about 9:30 pm.
This morning tried to log in from home (about 8 am) but ssh connection refused.
When I arrived in the office (about 9 am) I inspected the box and found very little to suggest an intrusion. A couple of clues/curiosities.
There was one entry in the httpd log in the middle of the night.
A whole bunch of entries in message and warning log written by postfix indicating that postfix not running.
Most curious of all is that when I tried to create files as root, I learned that the system was read-only. I tried to create a file in the "/root" and "/" file systems.
Does any of this mean anything to anybody?
What exactly is in the log? How big is it? How big is root? /var? Your system probably wasn't broken into. There's probably something wrong. What does df tell you? -- Regards, Steven