[PLUG] What does this mean?
Jon Jacob
jonjacobmoon at yahoo.com
Fri Apr 12 18:28:44 UTC 2002
I apologize.
I was not clear. How do I know if the addition to /etc/hosts.deny
worked?
Unfortunately, it looks as if it occurred again. However, nothing seems
to have been changed or really "attacked".
On Fri, 2002-04-12 at 08:18, Michael Smith wrote:
> um... see if there's anything unusual after the rpc line in your logfile... new user accounts, network errors, things that are on the log.
>
> I would also check the command history for root to see if there's anything that you don't remember doing. /root/.bash_history
>
> And finally, see if you can find out how to do a system checksum audit on the packages you have installed. It depends on what distro you're using, but most package managers let you verify the integrity of your binaries in /bin, /usr/bin, and /sbin.
>
> I would recommend getting and using either tripwire or aide. Basically what they do is run a few system integrity checks on your files and make a database of the stats, then whenever you feel like it (or have cron do it) you can run the checks to see what's changed. The difference between the 2 packages, as I understand it... aide=GPL(free as in freedom) tripwire=proprietary(free as in love).
>
> And I'm assuming you mean, if the attack worked....
>
> Tschuss
> --Mike
>
>
> Jon Jacob wrote:
>
> > Thanks, Michael.
> >
> > One quick question, how do I know that this worked?