[Xastir] WAY off topic - but you guys are my' best resource'
Gerry Creager N5JXS
gerry.creager at tamu.edu
Sat Aug 30 11:10:41 EDT 2003
Check logs.
Check 'last'
Check permissions
UPDATE to the latest apache from apache.org via tarball. NOW.
KEEP UP WITH THE UPDATES.
Sorry for shouting but there are some issues that just have to be
emphasized.
New entries in /etc/passwd or /etc/groups?
New users in /home?
IS TRIPWIRE running?
73, gerry
KC7ZRU wrote:
> I found someting distrubing tonite on one of my RH 7.3 boxes. It's setup
> as a web server. All ports in are blocked with iptables/netfilter except
> for 80.
>
> In the /tmp directory - an executable binary called 'telnetd',
> user=apache group=apache. It was not running. I never install telnetd on
> anything I setup - ever.
>
> chkrootkit says "OK" for as far as that goes.
>
> logs 'look' clean - no obvious gaps, plenty of worm noise to create a
> backgroud.
>
> I don't recognize anything else as suspicious.
>
> Suggestions? Ideas?
>
> _______________________________________________
> Xastir mailing list
> Xastir at xastir.org
> https://krypton.hscs.virginia.edu/mailman/listinfo/xastir
--
Gerry Creager -- gerry.creager at tamu.edu
Network Engineering -- AATLT, Texas A&M University
Cell: 979.229.5301 Office: 979.458.4020 FAX: 979.847.8578
Page: 979.228.0173
Office: 903A Eller Bldg, TAMU, College Station, TX 77843
More information about the Xastir
mailing list