[PLUG] security?
Zot O'Connor
zot at whiteknighthackers.com
Tue Apr 2 13:22:19 UTC 2002
On Thu, 2002-03-28 at 16:46, Bruce Kingsland wrote:
> J.A. Henshaw's Log: StarDate 0324.1520:
> > Bruce Kingsland wrote:
> >
> > > I had a redhat7.2 system behind a firewall with only ports 80, 20, 21,
> > > 22 open on Wednesday, running fine. Today, there are only 8MB of files
> > > left on the 9GB system. A df last week showed about 30% used. The
> > > journal files are still there, but not much else. fsck shows clean.
> > >
run "du -s /xxxx" where xxxx is a directory off of root "/"
Do this for each dir off of root. It will tell you where the 8Gb is.
I would hazard ftp might be the answer. If anon ftp is allowing file
uploads, someone can upload 8 Gb, and not break security.
Once you fine the directory du a "du -s /xxxx/* | sort -n"
The * measures sub directories. The sort shows the biggest last.
a word of warning, don't do /proc, /net, or /misc or /mnt as they tend
to be mount points not directories.
--
Zot O'Connor
http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com
More information about the PLUG
mailing list