[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] raq3 no admin interface
- Subject: Re: [cobalt-security] raq3 no admin interface
- From: David Yates Buckley <yates@xxxxxxxxx>
- Date: Sat, 30 Jun 2001 00:36:45 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thank you!
I ran it and apart from some can't exec statements, it was a series of
"nothing found" which means that I have not been hacked yet?
Why is a utility like this not part of cobalt distribution...!!!
It is so obvious a way to check for a break in!
Thank you very much, you actually took a huge load off my mind as the
server was behaving a bit odd at times and I could not ensure it was safe.
I am off for vacation for ten days waiting to receive an SMS from the
server with a query:
"Hi, I've been hacked, what should I do?"
And actually I would not know what to say except:
PURCHASE NEW SERVER
RESTORE SITES
TRASH OLD SERVER
I think I will post a query about this when I return....
Thanks a lot, again...
yates
At 11:29 AM 6/29/01 -0400, you wrote:
>David Yates Buckley wrote:
>>
>> Hello,
>>
>> Probably a stupid question but is it normal for $TERM to be linux?
>>
>> Thank you,
>>
>> > " echo $TERM " will give back dumb...or something else other than
>> >xterm
>> >
>> >Please note, these tests only work correctly on non-mips processor
>> >servers. (You can tell if its mips on telnet login). There was some
>> >confusion about this when I posted this test before.
>> >
>> >We have also determined this to happen when the /var directory has been
>> >"wedged". This comes from too much disk space taken by log files.
>> >Usually an indication that the log rotation is failing. Make sure your
>> >server is updated with all the patches. If you don't have them all this
>> >could be the reason its happening. If you cannot access the server at
>> >all, contact technical support.
>> >
>> >--
>> >Bill Irwin
>> >Technical Support Engineer
>> >Sun Microsystems, Inc.
>> >_______________________________________________
>
>It should come back as xterm. If you are getting something else, you may
>want to do a little digging to find out why and what has changed. One of
>the best things you can do is grab the chkrootkit.tar.gz file
>ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz and check your
>system out.
>
>tar -xvzf chkrootkit.tar.gz
>cd into the directory
>chmod 755 chkrootkit
>./chkrootkit and let it run.
>
>***********************************************
>Please note this is - Unsupported by Cobalt!!!
>***********************************************
>
>
>--
>Bill Irwin
>Technical Support Engineer
>Sun Microsystems, Inc.
>_______________________________________________
>cobalt-security mailing list
>cobalt-security@xxxxxxxxxxxxxxx
>http://list.cobalt.com/mailman/listinfo/cobalt-security
>
>