[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] are these worm files?

Subject: Re: [cobalt-security] are these worm files?
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 26 Mar 2001 02:51:10 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Mon, 26 Mar 2001, Tsukaeru.net wrote:

> Which patch is the appropriate patch...? I have all the latest RAQ4 patches
> and installed portsentry. Should this cover it?

It depends on how bleh-bleh person got into the system as to which patches
you need to apply.  If you applied one of the earlier bind .pkg's you may
need to restart the named service for it to take effect.

I'd personally recommend making sure proftpd, sendmail, named and SSH are
up to date.  If you can get away with it, disabling the web administrator
interface might also be a good idea.

Anyway, if you have t0rn or similar running chances are there are
rootshells all over the box that need cleaning.

Anyway, 3am in the UK so I'm off to bed.
Gossi.

Follow-Ups:
- Re: [cobalt-security] are these worm files?
  - From: Tsukaeru.net

References:
- Re: [cobalt-security] are these worm files?
  - From: Tsukaeru.net

Prev by Date: Re: [cobalt-security] are these worm files?
Next by Date: Re: [cobalt-security] are these worm files?
Previous by thread: Re: [cobalt-security] are these worm files?
Next by thread: Re: [cobalt-security] are these worm files?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index