Re: newbie q: secure log and setuid

[Alan Mead <adm ipat com>]

At 10:37 AM 12/9/98 -0500, Randy Smith wrote:

>> Aug 30 02:41:32 myhost imapd[29265]: connect from 195.49.33.2
>  Well, the first IP came from the Netherlands... Same place a lot of

I'm guessing that if I've been breached, they erased themselves from the
logs....  Should I report this and the other old scans to someone?

>Check for trojaned programs! Mine showed up in /usr/sbin/.mo.

I agree but how?  I used find to locate all the dot-hidden files and none
*looked* funny but I imagine find could be a trojan as well.  I tried
find'ing all files changed after I'd changed a couple passwords but I'm not
sure I got the syntax right.

>What version of imap are you running there?? (rpm -q imap)

Not running it.
---
Alan D. Mead  /  Research Scientist  /  adm ipat com
Institute for Personality and Ability Testing
1801 Woodfield Dr  /  Savoy IL 61874 USA
217-352-4739 (v)  /  217-352-9674 (f)