> On Feb 23, 2016, at 1:45 AM, Reco <recovery...@gmail.com> wrote:
> I'd start with rkhunter check first. Just to be sure.

Checking for enabled inetd services [ Warning ]

That's AmandaClient, the backup software.

Checking if SSH root access is allowed [ Warning ]

It is, but only with a key. And this is the master DNS server. It's on the DMZ, behind a hardened Cisco router and a Cisco PIX firewall. It's allowed out, but no-one is allowed in unless the server asks first and somebody's replying to the server's request, from the same IP the server sent the query to. I doubt anybody got into it from the 'Net. I get into it with SSH, from the LAN, to check on it.

/usr/bin/unhide.rb [ Warning ]

I have no explanation for that one. But:

root@log:~# /usr/bin/unhide.rb
Scanning for hidden processes...
No hidden processes found!

> In a situation like this it would be overkill, but I'd also check the OS
> installation with debsums from a LiveCD,

I didn't do that because it'd be lots of trouble, and I don't have a live CD (I'd have to download one). And the (Wheezy) kernel has been updated many times, so I doubt it'd match the live CD anyway.

> the existence of /etc/ld.so.preload,

root@log:~# ls -a /etc/ | egrep -ir ld.so.preload

Nothing

> and /etc/rc.local.

root@log:~# ls -a /etc/ | egrep -ir rc.local
.cache/mozilla/firefox/n6glp0sg.default/Cache/5/98/17F03d01:<td ><label for="idx_48"><a class='ui_link' href='edit_action.cgi?0+rc%2Elocal'>rc.local</a></label></td>
.cache/mozilla/firefox/n6glp0sg.default/Cache/5/98/17F03d01:<td ><label for="idx_48">Run /etc/rc.local if it exist</label></td>

Cause for concern? As suggested in the last line, I ran /etc/rc.local -- there was no output.

--
Glenn English
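
Added example, not part of the original message: a direct test for the two files named in the quoted advice, /etc/ld.so.preload and /etc/rc.local, that reads the files themselves rather than grepping a listing (GNU grep with -r and no file operand searches the working directory, not standard input). The function names and the ROOT variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). ROOT is a hypothetical variable:
# empty means the live system, or set it to a mounted offline tree.
ROOT=${ROOT:-}

# List the libraries named in ROOT/etc/ld.so.preload.
# Returns 0 if the file is absent or names nothing, 1 if it names entries.
check_preload() {
    f="$1/etc/ld.so.preload"
    if [ ! -e "$f" ]; then
        echo "absent: $f"
        return 0
    fi
    # Drop '#' comments, then put each whitespace-separated entry on a line.
    entries=$(sed 's/#.*//' "$f" | tr -s ' \t' '\n\n' | sed '/^$/d')
    if [ -z "$entries" ]; then
        echo "empty: $f"
        return 0
    fi
    printf '%s\n' "$entries" | sed 's|^|preload: |'
    return 1
}

# List the lines of ROOT/etc/rc.local that execute something: not blank,
# not a comment (the shebang counts as one), not the stock "exit 0".
# Returns 0 if the file is absent or inert, 1 if it has active lines.
check_rc_local() {
    f="$1/etc/rc.local"
    if [ ! -e "$f" ]; then
        echo "absent: $f"
        return 0
    fi
    inert='^[[:space:]]*(#.*)?$|^[[:space:]]*exit[[:space:]]+0[[:space:]]*$'
    active=$(grep -Ev "$inert" "$f" || true)
    if [ -z "$active" ]; then
        echo "inert: $f"
        return 0
    fi
    printf '%s\n' "$active" | sed 's|^|rc.local: |'
    return 1
}

found=0
check_preload "$ROOT" || found=1
check_rc_local "$ROOT" || found=1
[ "$found" -eq 0 ] || echo "review the entries listed above"
```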