Have I been hacked? Shadow file deleted
Jose Luis Hime
jhime at synchro.com.br
Fri Sep 9 15:46:44 UTC 2005
Here it is... I see that named opens the port 953, I do not believe this
could be an issue...
PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
953/tcp open rndc
993/tcp open imaps
995/tcp open pop3s
________________________________________
From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com]
On Behalf Of Marc M
Sent: Friday, September 09, 2005 11:16 AM
To: For users of Fedora Core releases
Subject: Re: Have I been hacked? Shadow file deleted
What about nmap, maybe it could at least give you a port to investigate
nmap -p 1-65535 localhost
Marc
On 9/9/05, Jose Luis Hime <jhime at synchro.com.br> wrote:
chkrootkit and rkhunter do not report any problem.
I am still with this issue, any hints?
Thanks,
J. Hime
________________________________________
From: fedora-list-bounces at redhat.com [mailto:fedora-list-bounces at redhat.com]
On Behalf Of Marc M
Sent: Thursday, September 08, 2005 5:00 PM
To: For users of Fedora Core releases
Subject: Re: Have I been hacked? Shadow file deleted
Try running chkrootkit and rkhunter
On 9/8/05, STYMA, ROBERT E (ROBERT) <stymar at lucent.com> wrote:
>
> Hello,
>
> I installed a new server on Tuesday using Fedora Core 4 and
> today the shadow
> file was deleted three times. Since nothing was being done on
> the box at
> those times, I believe I was hacked.
>
Since it is a new install, I would look into running the
badblocks command just to be safe.There is always the chance
something is wrong with the disk where the inode for the shadow
file is stored.This is a long shot, but easy to do.
Bob Styma
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
More information about the fedora-list
mailing list