[PLUG] security?

Zot O'Connor zot at whiteknighthackers.com
Tue Apr 2 13:22:19 UTC 2002


On Thu, 2002-03-28 at 16:46, Bruce Kingsland wrote:
> J.A. Henshaw's Log: StarDate 0324.1520:
> > Bruce Kingsland wrote:
> > 
> > > I had a redhat7.2 system behind a firewall with only ports 80, 20, 21,
> > > 22 open on Wednesday, running fine. Today, there are only 8MB of files
> > > left on the 9GB system. A df last week showed about 30% used. The
> > > journal files are still there, but not much else. fsck shows clean.
> > > 

run "du -s /xxxx"  where xxxx is a directory off of root "/"

Do this for each dir off of root.  It will tell you where the 8Gb is.

I would hazard ftp might be the answer.  If anon ftp is allowing file
uploads, someone can upload 8 Gb, and not break security.

Once you fine the directory du a "du -s /xxxx/* | sort -n"

The * measures sub directories.  The sort shows the biggest last.

a word of warning, don't do /proc, /net, or /misc or /mnt as they tend
to be mount points not directories. 


-- 
Zot O'Connor

http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com





More information about the PLUG mailing list