Re: [RH List] Re: Possible break-in

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Pete Nesbitt wrote:

We had a solaris box hacked the other day. The machine is off-line but has not been looked at. So far it looks like there was a sendmail vulnerability that came out around the 8th (from what I could find) and we got hacked on the 9th (at least that is when a "eee" and a "r00t" accont showed up.

Does your box have sendmail listening to the outside?


I keep up with the source directly from sendmail.org, and thus am running 8.12.11. I don't think there's been a problem with that version yet. But also, it turned out to be a false alarm. prelink changes file sizes when it runs on binaries and libraries (ironically they get bigger,) and tripwire was doing what it's supposed to do: warm about file changes.


--
H| I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley@xxxxxxxxxx> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.





-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]


  Powered by Linux