[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] hacked raq3
- Subject: Re: [cobalt-security] hacked raq3
- From: Tim <timothy_bissell@xxxxxxxx>
- Date: Tue, 13 Mar 2001 22:56:59 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I would also recommend running:
rpm -V fileutils
rpm -V procps
rpm -V util-linux
The util linux one is going to complain just watch what it complains about, the
box here complains this:
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
.M...... /usr/bin/newgrp
.M...... /usr/bin/write
And this is a clean box.... hope this helps...
Kevan Benson wrote:
> I can't really tell you what processes should be running, because that
> depends on your services, but I can give you a somewhat good walkthrough for
> finding problems.
>
> As a start I would advise you run "ps -auxwww" on the server and check what
> programs it says are running, and try to account for them all. If you don't
> know what something does, look at the man page or do a google search. Next,
> run "netstat -plven" AS ROOT. That will tell you what programs are listening
> on what ports, and their PIDs. After that telnet to those ports and see if
> they respond with what they should (for example, try telnetting to a host
> with FTP on port 21, they usually respond saying the FTP server type and
> version). A good port scanner for linux is nmap, get it at freshmeat.net.
> Another good scanner system checker is nessus, get it at the same place.
> These are both linux tools, I don't know their equivalent in windows or mac.
>
--
Regards,
Timothy Bissell
Sun Microsystems Sr. Help Desk Technician
Phone: 1-800-266-4378