
Re: SV: [cobalt-security] urgent question



It looks like you just got slaughtered by thousands of Nimda worms, then.
If you want to check (and you still have the log), try doing a
    grep -v "root" logfilenamegoeshere | grep -v "cmd"
which will display all the lines which don't contain root or cmd,
so it should take out most of the junk. You could also add a
    | grep -v "default.ida"
to the end to take out codered/blue variants.
I don't know much about logrotate but maybe it removed the logs because
too much space was being used on the partition.
Gareth

----
On the SSHD and TELNET note, some sshd servers have lines in the ssh_config
file which deny/allow users. Make sure you have your users in this file.
Gareth


> From: "Kai r. s., euroweb as" <kai@xxxxxxxxxx>
> To: <cobalt-security@xxxxxxxxxxxxxxx>
> Subject: SV: [cobalt-security] urgent question
> Date: Thu, 20 Sep 2001 09:45:05 +0200
> Reply-To: cobalt-security@xxxxxxxxxxxxxxx
>
> Hi, and thanks for giving me helpful tips.
>
> I did not include (-9); next time I will (thanks).
>
> When it comes to finding the error, it was almost impossible to find anything
> in a 2000 mb error log! What I could see was mostly root.exe and cmd.exe
> errors, but there could have been like a million errors I did not have time
> to see. The funny thing was that it stopped log rotating the first hours,
> but when I came back to look for more errors later that evening the error
> log suddenly was back to normal size? Where has it all gone? This is
> bugging my brain, and to be honest I don't have a clue what happened. As you
> probably understand, I am a newbie in Linux/Apache. I will be glad for any help
> in pointing me the right way.
>
> Kai
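
Added example, not part of the original thread: a small triage script for the kind of worm-flooded Apache error log discussed above. It counts the Nimda (root.exe, cmd.exe) and Code Red (default.ida) probes, ranks the probing clients, and prints what is left. It assumes Apache's error_log format with a "[client ...]" field, and it matches on root.exe/cmd.exe rather than the bare words so that unrelated lines containing "root" are kept; the sample lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an Apache error_log flooded by worm probes.
NIMDA_RE='(root|cmd)\.exe'   # Nimda probe targets named in the thread
CODERED_RE='default\.ida'    # Code Red probe target named in the thread

# Constructed sample lines (Apache 1.3 error_log style, documentation IPs).
sample_log() {
cat <<'EOF'
[Tue Sep 18 14:03:11 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/scripts/root.exe
[Tue Sep 18 14:03:11 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/MSADC/root.exe
[Tue Sep 18 14:03:12 2001] [error] [client 192.0.2.10] File does not exist: /var/www/html/c/winnt/system32/cmd.exe
[Tue Sep 18 14:03:15 2001] [error] [client 198.51.100.7] File does not exist: /var/www/html/d/winnt/system32/cmd.exe
[Tue Sep 18 14:04:02 2001] [error] [client 203.0.113.5] File does not exist: /var/www/html/default.ida
[Tue Sep 18 14:05:40 2001] [notice] caught SIGTERM, shutting down
[Tue Sep 18 14:06:13 2001] [error] [client 192.0.2.44] Directory index forbidden by rule: /var/www/html/root/
EOF
}

# Count stdin lines matching a pattern (grep -c exits 1 on zero matches).
count_matching() { grep -Ec "$1" || true; }

# Print stdin lines that are not worm probes: what is worth reading.
residual() { grep -Ev "$NIMDA_RE|$CODERED_RE" || true; }

# Rank probing clients by hit count; $1 = how many to show (default 5).
top_clients() {
    grep -E "$NIMDA_RE|$CODERED_RE" |
        sed -n 's/.*\[client \([^]]*\)].*/\1/p' |
        sort | uniq -c | sort -rn | head -n "${1:-5}"
}

# Read the log file given as $1, or the constructed sample when none is given.
LOG="${1:-}"
src() { if [ -n "$LOG" ] && [ -r "$LOG" ]; then cat "$LOG"; else sample_log; fi; }

echo "Nimda probes:    $(src | count_matching "$NIMDA_RE")"
echo "Code Red probes: $(src | count_matching "$CODERED_RE")"
echo "Top probing clients:"; src | top_clients 3
echo "Remaining lines:";     src | residual
```

Run it with the path to the error log as the first argument; with no argument it runs over the constructed sample.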