On 6/23/06, Andrew Sackville-West <[EMAIL PROTECTED]> wrote:
clearly there is something going on here that I don't understand.
Set a cron for the 'root' user:
1 * * * * lsof -i
Unless the culprit is dying randomly, that should catch something.
--
WC (Bill) Jones -- http://youve-reached-the.endo
On Fri, Jun 23, 2006 at 10:53:46PM -0400, [EMAIL PROTECTED] wrote:
> On Fri, Jun 23, 2006 at 03:39:37PM -0700, Andrew Sackville-West wrote:
> > Has anyone else seen this?
> >
> > in the last few days tiger has started reporting:
> >
> > OLD: --WARN-- [lin002i] The process `-' is listening on soc
On Fri, Jun 23, 2006 at 03:39:37PM -0700, Andrew Sackville-West wrote:
> Has anyone else seen this?
>
> in the last few days tiger has started reporting:
>
> OLD: --WARN-- [lin002i] The process `-' is listening on socket 1661
> (TCP) on
> +every interface.
> NEW: --WARN-- [lin002i] The process `
Has anyone else seen this?
in the last few days tiger has started reporting:
OLD: --WARN-- [lin002i] The process `-' is listening on socket 1661
(TCP) on
+every interface.
NEW: --WARN-- [lin002i] The process `-' is listening on socket 2309
(TCP) on
+every interface.
but a lsof -i :1661 or :2309
I just installed tiger. One of the logfiles (check_rootkit.out.1) says:
# Performing check for rookits...
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
--ALERT-- [rootkit005a] Chkrootkit has found a file which seems to be infected
because of a rootkit
--ALERT-- [root
I have Tiger Audit set up on my Sarge system. My last two reports say this:
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further checks...
OLD: --WARN-- [rootkit004f] Chkrootkit has detected a possible rootkit installation
OLD: Warning: Possible Slapper Worm installed
However, when I r
On Fri, Sep 21, 2001 at 10:33:04AM -0700, Craig Dickson wrote:
>
> > It can potentially make superuser access easier to crack unless both
> > accounts have strong passwords. More generally, I suspect that this
> > is flagged because it could indicate that your system has been
> > compromised and
Craig Dickson wrote:
> I found a discussion in debian-devel for June 2000 that was mildly
> informative. There was a proposal then to add information about the
> standard uids to /usr/share/doc/base-passwd/README, but this does
> not seem to have happened.
We had a thread just last month about the
Hall Stevenson wrote:
> Check the archives of this list for a discussion of this topic
> from about 2-3 months ago (not sure of the date really
> though...). One of the package maintainers brought this up and
> it turned into quite an active thread as I recall.
I couldn't find anything in debian-
* Craig Dickson <[EMAIL PROTECTED]> spake thus:
> Dave Sherohman wrote:
>
> > > How can anonymous FTP be enabled when I have no FTP server installed?
> >
> > Is a config file present in /etc?
>
> What would it be called? There are no files matching the glob "/etc/ftp*".
try /etc/*ftp*
I have /
> So should I set the shell to /bin/false for all accounts
> that shouldn't allow a tty or console login? That would
> include postgres, mail, www-data, daemon, bin, sys,
> man, games, lp, uucp, backup, operator, nobody...
> For that matter, can some of these be safely deleted?
Check the archive
Dave Sherohman wrote:
> > How can anonymous FTP be enabled when I have no FTP server installed?
>
> Is a config file present in /etc?
What would it be called? There are no files matching the glob "/etc/ftp*".
> It can potentially make superuser access easier to crack unless both
> accounts have
On Fri, Sep 21, 2001 at 10:05:20AM -0700, Craig Dickson wrote:
> If /etc/fstab is not world-readable, will users still be able to mount
> things? Without having to supply all the details of what to mount where,
> using what filesystem?
Users can't mount things by supplying all details of from wher
Is anyone else using the 'tiger' security-checking tool? Mine is giving
me some reports that I'm not sure how to deal with. Here they are:
# Performing check of system file permissions...
--FAIL-- [perm007f] /etc/aliases should not have group read.
--WARN-- [perm003w] /etc/fstab should not h
14 matches