brute force ssh attack
ne...
guhvies at gmail.com
Fri Apr 29 21:37:56 UTC 2005
On 4/29/05, M.Rudra <dr.rudra at gmail.com> wrote:
> On 4/27/05, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
> > > something.) Also check in /tmp and /var. And any luck with the
> > > .bash_history? (For both the users and for root....)
> >
> > Especially /var/tmp - that's a common place for rootkits to live.
>
> a doubt here ,
>
> i checked /tmp and found
>
> srwxrwxrwx 1 wnn wnn 0 Apr 27 22:30 jd_sockV4
> why does this file (socket) have different owner and user, while all
> others have either root or userabc.
>
> drwxrwxrwt 2 xfs xfs 4096 Apr 29 22:30 .font-unix
> this hidden file also has different permission and different owner and
> user, while others have either root or userabc.
>
> xfs and wnn ? are not users created by me so where did they come from ?
xfs is the font server, do not know whay wnn is. Check /etc/passwd
for the list of users for the system.
N.Emile...
--
Registered Linux User # 125653 (http://counter.li.org)
Certified: 75% bastard, 42% of which is tard.
http://www.thespark.com/bastardtest
Now accepting personal mail for GMail invites.
More information about the fedora-list
mailing list