help
Marti, Robert
RJM002 at shsu.edu
Thu Jan 28 13:03:27 UTC 2010
Also you're running 5.3 you said - which kernel version? Iirc there
was a remote privelege that's been fixed but not if you don't update.
Sent from my iPhone
On Jan 28, 2010, at 6:56, "mark" <m.roth at 5-cent.us> wrote:
> Joy Methew wrote:
>> Hello all,
>> i m using RHEL5.3 as a my mail server with real
>> ip.i
>> configure my system mostly remotely.last login time of my system 27
>> jan
>> from this ip 118.129.153.43.
>> than i try to login at 28 jan in morning so i can`t got
>> authentication as
>> root from my last password.
>> than i reboot the system reset my password.
>> i login as a root than i run "last" command i m sending tha first
>> 10 lines
>> of last command...i thinks someone hack my system.i am sending
>> history
>> command output.
>> now i remove .ssh directory and /var/tmp/*
>>
>> please suggest wat is this??
> <snip>
>
> Copy your /root/.ssh/authorized_keys to a backup name, and edit the
> existing
> one to remove the last one or two, but REMOVE THE KEY YOU SEE IN
> THERE THAT
> MATCHES THE ONE IN THE ECHO COMMAND. Otherwise, your attacker will
> just get in
> *without* a password, just an exchange of public and private keys
> via ssh.
>
> mark
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
More information about the redhat-list
mailing list