Steve Kudlak chromexa at ovis.net
Mon Dec 13 06:19:34 EST 1999

Subba Rao wrote:

> On  0, Lighthouse Keeper in the Desert Sun <ccovingt at one-eyed-alien.net> wrote:
> > Okay, so today I was using my ppp connection for several hours, then we
> > went to watch Sunday night Fox and came back.  I have the command to dial
> > aliased to include tail -f /var/log/messages.  I told it to dial, and it
> > said "tail: no such file /var/log/messages."  I said "Uhhhhh...." and
> >
> Looks like you have been hacked. Back up your important files and reinstall Linux
> and then tighten the system. Then restore your backed up files.
> Subba Rao
> subb3 at attglobal.net
> techtalk at linuxchix.org   http://www.linuxchix.org

Well, sigh, whatever the cause, do a reasonable restore. As previously mentioned,
change your root password offline, etc. Check the crontab for sure.
Make sure you know what at and cron run. Be one of those loose people, who would set
cron.deny and at.deny to stop nobody, there was no problem. But the climate was
different then. But it is also possible, with one or two errors in something that
looks totally innocent, to clobber yourself too. If there are extensive logging
facilities, anything that looks like C-2 security, turn it on and watch. Read the
logfiles. This can be illustrative. In fact, have them also daily snuck to a safe
place too. Then compare the backups against the current. But sigh, certainly rm-ing
files that something thinks it can't do without is an easy way to wreak havoc, as said
before. In all system security work so far, how I caught anyone, known or unknown,
trying to break in to sites was via logfiles and watching things.

Have Fun and Good Luck,
Sends Steve
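
The advice above to copy logfiles to a safe place and compare the copies against the current files can be sketched as follows. This is an added example, not part of the original message; the function names `check_log`, `snapshot_log` and `demo` are hypothetical, the log lines are constructed, and it assumes the log is only appended to between snapshots (a log rotation would also show up as "truncated" or "rewritten").

```shell
#!/bin/sh
# check_log LIVE SAVED -> prints no-baseline | missing | truncated | rewritten | ok
# Assumption: the log is append-only between snapshots (no rotation in between).
check_log() {
    live=$1; saved=$2
    [ -f "$saved" ] || { echo "no-baseline"; return 0; }
    [ -f "$live" ]  || { echo "missing"; return 0; }
    saved_size=$(wc -c < "$saved" | tr -d ' ')
    live_size=$(wc -c < "$live" | tr -d ' ')
    if [ "$live_size" -lt "$saved_size" ]; then
        echo "truncated"; return 0
    fi
    # An append-only log must still start with exactly the bytes saved earlier.
    if head -c "$saved_size" "$live" | cmp -s - "$saved"; then
        echo "ok"
    else
        echo "rewritten"
    fi
}

# snapshot_log LIVE SAVED: keep a copy of the log in the safe location.
snapshot_log() { cp -p "$1" "$2"; }

# Demo on constructed log lines in a temporary directory (not real log data).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Dec 12 20:01:07 host pppd[412]: Connect: ppp0\n' > "$d/messages"
    snapshot_log "$d/messages" "$d/messages.saved"
    printf 'Dec 12 23:40:15 host pppd[412]: Exit.\n' >> "$d/messages"
    r1=$(check_log "$d/messages" "$d/messages.saved")   # only appended to
    printf 'Dec 13 00:00:01 host syslogd: restart\nDec 13 00:00:02 host kernel: constructed filler line\n' > "$d/messages"
    r2=$(check_log "$d/messages" "$d/messages.saved")   # earlier entries replaced
    : > "$d/messages"
    r3=$(check_log "$d/messages" "$d/messages.saved")   # emptied
    rm -f "$d/messages"
    r4=$(check_log "$d/messages" "$d/messages.saved")   # gone, as in the report above
    rm -rf "$d"
    echo "$r1 $r2 $r3 $r4"
}

demo
```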

