Also you're running 5.3 you said - which kernel version? Iirc there was a remote privelege that's been fixed but not if you don't update. Sent from my iPhone On Jan 28, 2010, at 6:56, "mark" <m.roth@xxxxxxxxx> wrote: > Joy Methew wrote: >> Hello all, >> i m using RHEL5.3 as a my mail server with real >> ip.i >> configure my system mostly remotely.last login time of my system 27 >> jan >> from this ip 118.129.153.43. >> than i try to login at 28 jan in morning so i can`t got >> authentication as >> root from my last password. >> than i reboot the system reset my password. >> i login as a root than i run "last" command i m sending tha first >> 10 lines >> of last command...i thinks someone hack my system.i am sending >> history >> command output. >> now i remove .ssh directory and /var/tmp/* >> >> please suggest wat is this?? > <snip> > > Copy your /root/.ssh/authorized_keys to a backup name, and edit the > existing > one to remove the last one or two, but REMOVE THE KEY YOU SEE IN > THERE THAT > MATCHES THE ONE IN THE ECHO COMMAND. Otherwise, your attacker will > just get in > *without* a password, just an exchange of public and private keys > via ssh. > > mark > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
