[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] 'proftpd-inetd appears to be from newer ver sion' message (x-posted)
- Subject: RE: [cobalt-security] 'proftpd-inetd appears to be from newer ver sion' message (x-posted)
- From: Brandon Wheaton <brandonw@xxxxxxxxxxxx>
- Date: Sat, 14 Oct 2000 10:36:01 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> On Thu, 12 Oct 2000, Kevin D wrote:
>
> > I have recently noticed the following entry in my Messages log:
> >
> > run-time scoreboard file '/var/run/proftpd/proftpd-inetd'
> appears to be from a newer version of proftp
> >
> > Is this something that a recent cobalt patch has caused, or
> is this evidence of a hack? I have not noticed any strange
> activity on my server, and a quick scan of recent FTP
> connections via the 'secure' log shows no foreign IP
> addresses (it's a pretty low traffic server).
>
> I've got the same problem on my RaQ, and I'm using manually compiled
> proftpd 1.2.0rc2. I've not got around to looking at why it's
> happening
> yet, but it doesn't appear to be anything dodgy (security wise).
>
rm /var/run/proftpd/proftpd-inetd
That should stop the messages in your log. If you want you
could backup the file to be safe, but basically it is crud
left over from a previous install.
> Oh, and remember that text logs can be altered.
If someone is altering your logs you have more important
issues to address, like how they gained the access to be
able to alter your logs, not to mention finding out what
else have they altered. If you have suspicions about
unauthorized accesses, first check your /etc/passwd file
for entries you don't recognize. Then do a "last -d -a"
to see who has logged into your server and from where.
Also ensure that you do NOT allow remote root logins.
This way, you have a log of anyone issuing the "su -"
command to become root.
Take care.
Brandon Wheaton
UNIX Systems Engineer
ValiCert, Inc.
1215 Terra Bella Ave.
Mountain View, CA 94043
650.567.5430
----
Computers are useless; they can only provide answers.
~Pablo Picasso