Re: Crackers?

> John Summerfield (summer@os2.ami.com.au) said: 
> > Is this being broken into? If so, what do I look for?
> > This is one line. There were quite a few.
> > May  6 03:22:36 gateway SERVER[5344]: Dispatch_input: bad request line 
> 
> This is someone trying to break into LPRng, as I recall - I believe
> if you get the log message, you're OK. ;)

I'm hoping there are more ideas.... Better too many than too few in these 
circumstances.

I went digging on Google after I wrote.

I discovered lots of attempts reported of people trying to hit dump() and some 
nfs().


There was also a mention of someone breaking into the IMAP service, and that is 
a worry because

a) The boss wants to get his mail from outside
b) There was a report from the ISP of the site being unfriendly with the mail it 
was sending.  I don't know the specifics though.


I could not find any evidence of residual harm, and the fact we have the log 
messages suggests either a beginner or a failure.

I used RPM to validate the installed packages: rpm -Va, and saw nothing 
especially odd (paying special attention to the ls command), and find to find 
unexpected executables.

I applied what updates I had (I'm getting the latest now), force-reinstalled 
rpm, and rechecked.

I was going to check using Bero's Enigma rescue CD, but it's got the wrong 
version of rpm on it.

Oh, the system has webmin on it; I updated that to the latest I have, found 
there's a security update on that and got the latest there is and installed 
that, and tightened it up so you can't try guessing passwords indefinitely.


-- 
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my disposition.

==============================
If you don't like being told you're wrong,
	be right!





_______________________________________________
Redhat-devel-list mailing list
Redhat-devel-list@redhat.com
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
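
The `rpm -Va` check described in the message above can be triaged mechanically. This is an added example, not part of the original post: the function names are hypothetical, the sample output is constructed, and the choice of which changes to report is an assumption. It keeps only non-config files that are missing or whose digest, mode, owner or group changed.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output. Function names are hypothetical.

# Constructed sample in the layout rpm -Va prints:
# attribute flags, optional file-type marker (c = config file), path.
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/inittab
.......T.    /usr/lib/libfoo.so.1
S.5....T.    /bin/ls
.M...UG..    /usr/bin/passwd
missing      /usr/sbin/lpd
missing    c /etc/printcap
....L....  c /etc/pam.d/system-auth
EOF
}

# Read rpm -Va output on stdin and print "reason<TAB>path" for entries worth a
# manual look: non-config files that are missing or whose digest (5), mode (M),
# owner (U) or group (G) differs from the package database.
triage_rpm_va() {
    awk '
    {
        flags = $1
        # Skip anything that is not a verify line (e.g. dependency notices).
        if (flags != "missing" && flags !~ /^[.?SM5DLUGTP]+$/) next
        line = $0
        sub(/^[^ ]+ +/, "", line)            # drop the flags column
        marker = ""
        if (line ~ /^[cdglr] +\//) {          # one-letter file-type marker
            marker = substr(line, 1, 1)
            sub(/^[cdglr] +/, "", line)
        }
        path = line                           # may contain spaces
        if (marker == "c") next               # config files are expected to change
        if (flags == "missing") { print "missing\t" path; next }
        reason = ""
        if (index(flags, "5")) reason = reason "digest,"
        if (index(flags, "M")) reason = reason "mode,"
        if (index(flags, "U")) reason = reason "owner,"
        if (index(flags, "G")) reason = reason "group,"
        if (reason != "") { sub(/,$/, "", reason); print reason "\t" path }
    }'
}

# Demo on the constructed sample; on a live system: rpm -Va | triage_rpm_va
sample_rpm_va | triage_rpm_va
```

The result is only as trustworthy as the `rpm` binary and package database that produced the input, which is why the message reinstalls rpm and considers running the check from a rescue CD.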
