Box Cracked ( Was: thank's )

bob.smith at kolumbus.fi bob.smith at kolumbus.fi
Sat Oct 20 17:07:44 UTC 2007 

Gene Heskett <gene.heskett at verizon.net> kirjoitti: 
> On Saturday 20 October 2007, bob.smith at kolumbus.fi wrote:
> >Manuel Arostegui Ramirez <manuel at todo-linux.com> kirjoitti:
> >> El Sábado, 20 de Octubre de 2007 18:42, bob.smith at kolumbus.fi escribió:
> >> > here ls -laR /tmp
> >>
> >> Seems to me you're ignoring my other suggestions...such as tell us what
> >> the hell make you think you've been visited by a hacker...
> >> Keep hiding us the basic information and the whole history of what
> >> happened to your system and you'll realised how this thread is sent to
> >> /dev/null
> >>
> >> Manuel.
> >> --
> >> Manuel Arostegui Ramirez.
> >>
> >> Electronic Mail is not secure, may not be read every day, and should not
> >> be used for urgent or sensitive issues.
> >>
> >> --
> >> fedora-list mailing list
> >> fedora-list at redhat.com
> >> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> >
> >these are a mentioned in rkhunter:
> >
> >[19:20:07] /usr/bin/groups                                   [ Warning ]
> >[19:20:07] Warning: The command '/usr/bin/groups' has been replaced by a
> > script: /usr/bin/groups: Bourne shell script text executable [[19:20:08]
> > /usr/bin/ldd                                      [ Warning ] [19:20:08]
> > Warning: The command '/usr/bin/ldd' has been replaced by a script:
> > /usr/bin/ldd: Bourne shell script text executable [[19:20:11]
> > /usr/bin/whatis                                   [ Warning ] [19:20:11]
> > Warning: The command '/usr/bin/whatis' has been replaced by a script:
> > /usr/bin/whatis: Bourne shell script text executable [[19:20:12] Warning:
> > The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown:
> > Bourne-Again shell script text executable [19:20:12] /sbin/ifup            
> >                            [ Warning ] [19:20:12] Warning: The command
> > '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell
> > script text executable [19:20:52] Info: Rkhunter option ALLOW_SSH_ROOT_USER
> > set to 'no'.
> >[19:20:52]   Checking if SSH root access is allowed          [ Warning ]
> >[19:20:52] Warning: The SSH configuration option 'PermitRootLogin' has not
> > been set. The default value may be 'yes', to allow root access.
> >[
> >is this normal on FC6?
> >
> >--
> 
> Apparently so, that is what I get here, they are scripts. FC6 too.
> 
> -- 
> Cheers, Gene
> "There are four boxes to be used in defense of liberty:
>  soap, ballot, jury, and ammo. Please use in that order."
> -Ed Howdershelt (Author)
> Lackland's Laws:
> 	(1) Never be first.
> 	(2) Never be last.
> 	(3) Never volunteer for anything
> 
thank's, appears normal then, 
do you have any information about how a tmp directory shoud look like under "normal" circumstances?

(this box has mysql(not running at the time of ls -laR, tomcat(not running right now), apache(not running right now). One user logged on (inetd off, xinetd off, no sshd, no ftp, in other words the bare minimum to run a box and gui)

> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> 


--

More information about the users mailing list