Re: Box Cracked ( Was: thank's )

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Saturday 20 October 2007, bob.smith@xxxxxxxxxxx wrote:
>Gene Heskett <gene.heskett@xxxxxxxxxxx> kirjoitti:
>> On Saturday 20 October 2007, bob.smith@xxxxxxxxxxx wrote:
>> >Manuel Arostegui Ramirez <manuel@xxxxxxxxxxxxxx> kirjoitti:
>> >> El Sábado, 20 de Octubre de 2007 18:42, bob.smith@xxxxxxxxxxx escribió:
>> >> > here ls -laR /tmp
>> >>
>> >> Seems to me you're ignoring my other suggestions...such as tell us what
>> >> the hell make you think you've been visited by a hacker...
>> >> Keep hiding us the basic information and the whole history of what
>> >> happened to your system and you'll realised how this thread is sent to
>> >> /dev/null
>> >>
>> >> Manuel.
>> >> --
>> >> Manuel Arostegui Ramirez.
>> >>
>> >> Electronic Mail is not secure, may not be read every day, and should
>> >> not be used for urgent or sensitive issues.
>> >>
>> >> --
>> >> fedora-list mailing list
>> >> fedora-list@xxxxxxxxxx
>> >> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>> >
>> >these are a mentioned in rkhunter:
>> >
>> >[19:20:07] /usr/bin/groups                                   [ Warning ]
>> >[19:20:07] Warning: The command '/usr/bin/groups' has been replaced by a
>> > script: /usr/bin/groups: Bourne shell script text executable [[19:20:08]
>> > /usr/bin/ldd                                      [ Warning ] [19:20:08]
>> > Warning: The command '/usr/bin/ldd' has been replaced by a script:
>> > /usr/bin/ldd: Bourne shell script text executable [[19:20:11]
>> > /usr/bin/whatis                                   [ Warning ] [19:20:11]
>> > Warning: The command '/usr/bin/whatis' has been replaced by a script:
>> > /usr/bin/whatis: Bourne shell script text executable [[19:20:12]
>> > Warning: The command '/sbin/ifdown' has been replaced by a script:
>> > /sbin/ifdown: Bourne-Again shell script text executable [19:20:12]
>> > /sbin/ifup [ Warning ] [19:20:12] Warning: The command '/sbin/ifup' has
>> > been replaced by a script: /sbin/ifup: Bourne-Again shell script text
>> > executable [19:20:52] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to
>> > 'no'.
>> >[19:20:52]   Checking if SSH root access is allowed          [ Warning ]
>> >[19:20:52] Warning: The SSH configuration option 'PermitRootLogin' has
>> > not been set. The default value may be 'yes', to allow root access. [
>> >is this normal on FC6?
>> >
>> >--
>>
>> Apparently so, that is what I get here, they are scripts. FC6 too.
>>
>> --
>> Cheers, Gene
>> "There are four boxes to be used in defense of liberty:
>>  soap, ballot, jury, and ammo. Please use in that order."
>> -Ed Howdershelt (Author)
>> Lackland's Laws:
>> 	(1) Never be first.
>> 	(2) Never be last.
>> 	(3) Never volunteer for anything
>
>thank's, appears normal then,
>do you have any information about how a tmp directory shoud look like under
> "normal" circumstances?
>
Not really, because every boxes usage varies.

>(this box has mysql(not running at the time of ls -laR, tomcat(not running
> right now), apache(not running right now). One user logged on (inetd off,
> xinetd off, no sshd, no ftp, in other words the bare minimum to run a box
> and gui)

I don't run a lot of firewall stuffs on this box, I largely depend on another 
old box with 3 nics in it, running the latest registered dd-wrt built for 
x86.  Best kept firewall/router secret in the business AFAIC.  And I haven't 
been touched but 3 times in 4 years of a 24/7 dsl hookup.  They made it to 
the log from iptables on a box I did use for that but haven't booted in a 
year now.  And that's as far as they got before I simply disappeared from 
their view of the net.  portsentry, iptables and tcpwrapper can make a pretty 
bulletproof system s you don't have to worry about it.  But dd-wrt beats that 
IMO.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
"I'm a bastard, and proud of it !"

	- Linus Torvalds

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux