Worried about having been hacked

Rick Stevens ricks at nerd.com
Mon Jul 6 17:52:59 UTC 2009


Arthur Pemberton wrote:
> On Mon, Jul 6, 2009 at 12:01 PM, James
> Allsopp<jamesaallsopp at googlemail.com> wrote:
>> Hi,
>> I've a Fedora core 10 system which spends a lot of the time connected
>> directly to the internet, with a static ip. The only external ports open
>> are 80 and 22. SSH only allows access to one non-root user via an rsa
>> key. I'm using an IPtables script from
>>
>>> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
>> However, I normally get my logs e-mailed to an external account and
>> they're not getting to me. I'm not sure if they've not been sent or my
>> logs are being altered and hidden. How do I diagnose this problem, and
>> in general look for security incursions. I'm thinking of leaving
>> wireshark running on the external ethernet card and see what happens.
>>
>> Thanks, any advice much appreciated.
>> Jim
>>
> 
> Have you checked your Spam folder on the receiving email account?
> Email sent through the mail command tends to get rated very poorly by
> spam filters.

You might check the /var/spool/clientmqueue directory to see if the
mail's been spooled but not sent out and look at the /var/log/maillog
file to verify the mail was indeed sent to the external account.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-     I was married by a judge.  I should have asked for a jury.     -
-                                                   -- Groucho Marx  -
----------------------------------------------------------------------




More information about the fedora-list mailing list