On Tuesday 02 April 2002 09:53 pm, Gerald Waugh wrote:
> -rw-r--r-- 1 root root 1095 Apr 1 14:04 /gmon.out
> I found one on one of my RaQ4s
> Notice the date Apr 1
> is this a fools file?

=================== M O R E =================

[root /]# ls -l -R | grep "Apr 1 14:"
-rw-r--r-- 1 root root 1095 Apr 1 14:04 gmon.out
-rw------- 1 root root 32768 Apr 1 14:02 adm_ssl_scache.pag
drwxrwsr-x 19 nobody site2 1024 Apr 1 14:02 web
-rw-rw-r-- 1 nobody site2 9098 Apr 1 14:01 index.html

Apr 1 13:58:12 fsn3 sshd[1086]: Accepted password for admin from 216.47.168.9 port 55842 ssh2
Apr 1 13:58:12 fsn3 PAM_pwdb[1086]: (sshd) session opened for user admin by (uid=0)
Apr 1 14:02:03 fsn3 sshd[1086]: Received disconnect from 216.47.168.9: 11: All open channels closed
Apr 1 14:02:03 fsn3 PAM_pwdb[1086]: (sshd) session closed for user admin

Now, admin logged onto the server at 13:58:12 on Apr 1st
and logged out at 14:02:03 on Apr 1st
admin edited site2/index.html
admin logged into the admin GUI at 14:02:56

[01/Apr/2002:14:02:57 -0500] "GET /cgi-bin/.cobalt/siteList/siteList.cgi
[01/Apr/2002:14:02:58 -0500] "GET /cgi-bin/.cobalt/alertSignal/alertSignal.cgi
[01/Apr/2002:14:03:01 -0500] "GET /cgi-bin/.cobalt/siteList/siteList.cgi
[01/Apr/2002:14:03:02 -0500] "GET /cgi-bin/.cobalt/alertSignal/alertSignal.cgi
[01/Apr/2002:14:03:20 -0500] "GET/cgi-bin/.cobalt/alert/alert.cgi
[01/Apr/2002:14:03:23 -0500] "GET /cgi-bin/.cobalt/alertSignal/alertSignal.cgi
[01/Apr/2002:14:03:24 -0500] "GET /cgi-bin/.cobalt/alert/alert.cgi
[01/Apr/2002:14:03:28 -0500] "GET /cgi-bin/.cobalt/raidUsage/raidUsage.cgi
[01/Apr/2002:14:03:35 -0500] "GET /cgi-bin/.cobalt/alert/alert.cgi
[01/Apr/2002:14:03:44 -0500] "GET /cgi-bin/.cobalt/alertSignal/alertSignal.cgi
[01/Apr/2002:14:03:45 -0500] "GET /cgi-bin/.cobalt/siteList/siteList.cg
[01/Apr/2002:14:03:58 -0500] "GET /cgi-bin/.cobalt/alertSignal/alertSignal.cgi
[01/Apr/2002:14:03:58 -0500] "GET /cgi-bin/.cobalt/alert/alert.cgi
[01/Apr/2002:14:04:04 -0500] "GET /cgi-bin/.cobalt/alert/service.cgi

and logged out at 14:04:51

Maybe one of these cgi's did it???
I can't find where anyone else was logged into this server at those times???

- Gerald Waugh : Registered Linux user # 255245
http://www.frontstreetnetworks.com
Front Street Networks LLC - ph. 203.785.0699
229 Front Street, Ste. #C, New Haven, CT, United States of America
10:08pm up 12 days, 6:33, 3 users, load average: 2.03, 1.77, 1.64
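The timeline correlation done by hand in the message above, as an added Python example that is not part of the original post: it pairs the sshd lines into a session, then checks which session and which CGI requests overlap each file's `ls -l` timestamp. Assumptions: the syslog lines belong to 2002 and use the same local time as the access log, the GUI session bounds are the times stated in the post, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

YEAR = 2002  # assumption: syslog omits the year; taken from the access log lines

# Subset of the log lines quoted in the post above.
AUTH_LOG = """\
Apr 1 13:58:12 fsn3 sshd[1086]: Accepted password for admin from 216.47.168.9 port 55842 ssh2
Apr 1 14:02:03 fsn3 PAM_pwdb[1086]: (sshd) session closed for user admin
"""
ACCESS_LOG = """\
[01/Apr/2002:14:02:57 -0500] "GET /cgi-bin/.cobalt/siteList/siteList.cgi
[01/Apr/2002:14:03:58 -0500] "GET /cgi-bin/.cobalt/alert/alert.cgi
[01/Apr/2002:14:04:04 -0500] "GET /cgi-bin/.cobalt/alert/service.cgi
"""
# Admin GUI login/logout times as stated in the post (not parsed from a log).
GUI = ("gui:admin", datetime(YEAR, 4, 1, 14, 2, 56), datetime(YEAR, 4, 1, 14, 4, 51))

def ssh_sessions(text):
    """Pair 'Accepted password' with 'session closed' lines by shared PID."""
    opened, sessions = {}, []
    for m in re.finditer(r"^(\w{3} +\d+ [\d:]{8}) \S+ \w+\[(\d+)\]: (.*)$", text, re.M):
        ts = datetime.strptime(f"{YEAR} {m[1]}", "%Y %b %d %H:%M:%S")
        if m[3].startswith("Accepted password for"):
            opened[m[2]] = (ts, m[3].split()[3])
        elif "session closed" in m[3] and m[2] in opened:
            start, user = opened.pop(m[2])
            sessions.append((f"ssh:{user}", start, ts))
    return sessions

def cgi_requests(text):
    """Return (local timestamp, path) for each access-log line."""
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    return [(datetime.strptime(m[1], fmt).replace(tzinfo=None), m[2])
            for m in re.finditer(r'^\[([^\]]+)\] "GET ?(\S+)', text, re.M)]

def candidates(ls_stamp, sessions, requests):
    """ls -l shows minutes only, so treat the mtime as a 60-second window."""
    lo = datetime.strptime(f"{YEAR} {ls_stamp}", "%Y %b %d %H:%M")
    hi = lo + timedelta(minutes=1)
    live = [name for name, start, end in sessions if start < hi and end >= lo]
    hits = [path for ts, path in requests if lo <= ts < hi]
    return live, hits

if __name__ == "__main__":
    sessions = ssh_sessions(AUTH_LOG) + [GUI]
    for name, stamp in [("index.html", "Apr 1 14:01"), ("web", "Apr 1 14:02"),
                        ("gmon.out", "Apr 1 14:04")]:
        print(name, candidates(stamp, sessions, cgi_requests(ACCESS_LOG)))
```

With minute-resolution `ls -l` output the `web` directory change at 14:02 matches both the SSH session and the GUI session. Running `stat` or `ls -l --full-time` on the file gives seconds and removes that ambiguity.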
