[cobalt-security] Noooo! Can someone help shed some light on this?
- Subject: [cobalt-security] Noooo! Can someone help shed some light on this?
- From: "Sean Ward" <planxty@xxxxxxxx>
- Date: Tue, 27 Aug 2002 15:42:18 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Had some problems setting up a new account on the RAQ. Could not get the
new IP working at all, so I used one already on the RAQ and ended up
deleting and reworking some DNS records, trying reverse PTR. Trying the
firewall script. Finally, I thought I had everything working, but found
this in the logs indicating there was likely still a problem with the
reverse lookup:
ns sendmail[31501]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 2,
Originally, I had noticed this entry for the new IP. Since the changes,
that IP is no longer in the list, but ALL the working IPs on the box
are.
Also, I noticed entries like these:
Aug 27 01:59:49 ns kernel: Packet log: input DENY eth0 PROTO=6
203.196.157.90:62392 xxx.xxx.xxx.xxx:25 L=48 S=0x00 I=52103 F=0x4000
T=105 SYN (#603)
Now I can't ftp into the raq at any address, and am no longer receiving
log reports.
When I ran chkrootkit, this is what happened:
[root@ns chkrootkit-pre-0.36]# ./chrootkit
sh: ./chrootkit: No such file or directory
[root@ns chkrootkit-pre-0.36]# ./chrootkit
sh: ./chrootkit: No such file or directory
[root@ns chkrootkit-pre-0.36]# ./chkrootkit
ROOTDIR is `/'
It took 3 tries!
It didn't report anything found, but
Checking `lkm'... not tested: can't exec ./chkproc
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `z2'... not tested: can't exec ./chklastlog
Any ideas?
Thanks!
Sean