[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] amd root?

Subject: RE: [cobalt-security] amd root?
From: "Brian W. Horner" <brianh@xxxxxxxxxxxx>
Date: Wed, 6 Feb 2002 14:10:16 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Kai,

This happened to my RaQ4i last year and Sun deemed that the box had been
hacked. There was no easy way to determine if it had a "back door" placed on
it, so they recommended that I do an OS restore.

If this box is critical and/or has backend database connectivity to other
networks/servers, I would recommend you do the same.

Does this RaQ sit behind a firewall? If not, I would look into it.

Brian W. Horner

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Kai r. s.,
euroweb as
Sent: Wednesday, February 06, 2002 1:43 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: SV: [cobalt-security] amd root?


Hi, to you all..


>
> > Did you recently stumble across any RaQ3 or RaQ4 which had
> /etc/shadow set
> > to -r--------?

I hve a file on two raq4r called gshadow   /etc/gshadow that are set
 to -r--------
Is this the way it should be?

Yesterday one of the raq4r with out a warning stooped responding (total-
web, ssh, mail,ftp) I had to drive to the server location and restart it.
When looking at the indicators everything (web line, hard disk) looked ok.
But the buttons on the raq4r did not react at all when trying to
reboot/shutdown! After some time trying to get it to respond in the display,
I had to pull the power cable.

It started and after some disk checking it was like before.

How normal is this?

Some of the reason I ask is that it has happened twice before on some raq3i
servers, and those where possible hacked on the time or got hacked when it
occurred.

best regards

Kai R S
euroweb as
Norway



> With best regards,
>
> Michael Stauber
> mstauber@xxxxxxxxxxxxxx
> Unix/Linux Support Engineer
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

References:
- SV: [cobalt-security] amd root?
  - From: Kai r. s., euroweb as

Prev by Date: SV: [cobalt-security] amd root?
Next by Date: RE: [cobalt-security] amd root?
Previous by thread: SV: [cobalt-security] amd root?
Next by thread: RE: [cobalt-security] amd root?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index