[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Box Cracked ( Was: thank's )



Gene Heskett <gene heskett verizon net> kirjoitti:
On Saturday 20 October 2007, bob smith kolumbus fi wrote:
>Manuel Arostegui Ramirez <manuel todo-linux com> kirjoitti:
>> El Sábado, 20 de Octubre de 2007 18:42, bob smith kolumbus fi escribió:
>> > here ls -laR /tmp
>>
>> Seems to me you're ignoring my other suggestions...such as tell us what
>> the hell make you think you've been visited by a hacker...
>> Keep hiding us the basic information and the whole history of what
>> happened to your system and you'll realised how this thread is sent to
>> /dev/null
>>
>> Manuel.
>> --
>> Manuel Arostegui Ramirez.
>>
>> Electronic Mail is not secure, may not be read every day, and should not
>> be used for urgent or sensitive issues.
>>
>> --
>> fedora-list mailing list
>> fedora-list redhat com
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>
>these are a mentioned in rkhunter:
>
>[19:20:07] /usr/bin/groups                                   [ Warning ]
>[19:20:07] Warning: The command '/usr/bin/groups' has been replaced by a
> script: /usr/bin/groups: Bourne shell script text executable [[19:20:08]
> /usr/bin/ldd                                      [ Warning ] [19:20:08]
> Warning: The command '/usr/bin/ldd' has been replaced by a script:
> /usr/bin/ldd: Bourne shell script text executable [[19:20:11]
> /usr/bin/whatis                                   [ Warning ] [19:20:11]
> Warning: The command '/usr/bin/whatis' has been replaced by a script:
> /usr/bin/whatis: Bourne shell script text executable [[19:20:12] Warning:
> The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown:
> Bourne-Again shell script text executable [19:20:12] /sbin/ifup > [ Warning ] [19:20:12] Warning: The command
> '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell
> script text executable [19:20:52] Info: Rkhunter option ALLOW_SSH_ROOT_USER
> set to 'no'.
>[19:20:52]   Checking if SSH root access is allowed          [ Warning ]
>[19:20:52] Warning: The SSH configuration option 'PermitRootLogin' has not
> been set. The default value may be 'yes', to allow root access.
>[
>is this normal on FC6?
>
>--

Apparently so, that is what I get here, they are scripts. FC6 too.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Lackland's Laws:
	(1) Never be first.
	(2) Never be last.
	(3) Never volunteer for anything

thank's, appears normal then, do you have any information about how a tmp directory shoud look like under "normal" circumstances?

(this box has mysql(not running at the time of ls -laR, tomcat(not running right now), apache(not running right now). One user logged on (inetd off, xinetd off, no sshd, no ftp, in other words the bare minimum to run a box and gui)

--
fedora-list mailing list
fedora-list redhat com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list



--




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]