Re: IPChains rule.

On Fri, 14 Dec 2001, Bruno Gimenes Pereti wrote:
> I was compiling ntop in my redhat and suddenly it rebooted (don't know the
> reason yet).
Bruno,

Did you check /var/log/messages? If not, do a "less /var/log/messages"
and look for syslog messages close to the time when the reboot
happened. Also check /var/log/secure and /var/log/xferlog for clues
of intrusion attempts.

This line =>
> -A input -p tcp -i eth0 -s myHome -d 0/0 22 -l -j ACCEPT
generates this one =>
> ACCEPT  tcp   ----l-    myHome   0.0.0.0/0             * ->   22

it says allow any to ssh to myHome

this one says
> ACCEPT  udp  ------   my2NS    0.0.0.0/0             53 ->   *
allow DNS to talk to my computer using UDP from their port 53

> I don't have the first rule in my /etc/sysconfig/ipchains file.
>
> # more /etc/sysconfig/ipchains
> :input ACCEPT
> :forward ACCEPT
> :output ACCEPT
> # -A input -p icmp -s 0/0 8 -d myIP 0 -j REJECT
> -A input -p tcp -i eth0 -s myHome -d 0/0 22 -l -j ACCEPT
>
> The init-script is equal to the rpm one.
>
> Do I have to worry? Does anybody know what is this?

If that is all you have for an ipchains script, then yes, worry.

Go to freshmeat.net or Google and search for an ipchains or
better yet, use iptables.

Installing AIDE or Tripwire (and using it) is a good way
to find out if your computer has been compromised.

http://www.cs.tut.fi/~rammer/aide.html
http://sourceforge.net/projects/tripwire

There is a lot of good documentation out there on how to
secure your computer, read it and apply it.

http://www.google.com/search?q=securing+linux

Good luck,

::dc::

David Correa RHCE CCNA    _    _ _  _ _  _ _  _    ___ ____ ____ _  _
tech@linux-tech.com       |    | |\ | |  |  \/      |  |___ |    |__|
http://www.linux-tech.com |___ | | \| |__| _/\_     |  |___ |___ |  |
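
An added example, not part of the original message: a small Python audit of an ipchains-save style file such as the /etc/sysconfig/ipchains quoted above. It parses each rule into its fields and flags any chain whose default policy is ACCEPT and whose rules are all ACCEPT, so that nothing is filtered. The sample input is constructed from the quoted lines; `parse_rule` and `audit` are hypothetical helper names, and negation (`!`) is not modelled.

```python
import shlex
# Constructed sample: the ruleset quoted above, placeholder names kept as-is.
SAMPLE = """\
:input ACCEPT
:forward ACCEPT
:output ACCEPT
# -A input -p icmp -s 0/0 8 -d myIP 0 -j REJECT
-A input -p tcp -i eth0 -s myHome -d 0/0 22 -l -j ACCEPT
"""
FIELDS = {"-p": "proto", "-i": "iface", "-j": "target"}

def parse_rule(line):
    """Split one '-A chain ...' line into a dict of its fields."""
    tok = shlex.split(line)
    rule = {"chain": tok[1], "log": False, "target": None}
    i = 2
    while i < len(tok):
        opt, has_arg = tok[i], i + 1 < len(tok)
        if opt == "-l":  # log matching packets
            rule["log"] = True
        elif opt in ("-s", "-d") and has_arg:
            key = "src" if opt == "-s" else "dst"
            rule[key] = tok[i + 1]
            i += 1
            # ipchains puts an optional port (or range) right after the address
            if i + 1 < len(tok) and not tok[i + 1].startswith("-"):
                rule[key + "_port"] = tok[i + 1]
                i += 1
        elif opt in FIELDS and has_arg:
            rule[FIELDS[opt]] = tok[i + 1]
            i += 1
        i += 1  # anything else (e.g. '!' negation) is not modelled here
    return rule

def audit(text):
    """Return (policies, rules, findings) for an ipchains-save style file."""
    policies, rules = {}, []
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):
            rules.append(parse_rule(line))
    findings = []
    for chain, policy in policies.items():
        own = [r for r in rules if r["chain"] == chain]
        if policy == "ACCEPT" and all(r["target"] in ("ACCEPT", None) for r in own):
            findings.append(f"{chain}: policy ACCEPT, no blocking rule, nothing filtered")
    return policies, rules, findings
```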

