Had some problems setting up a new account on the RAQ. Could not get the new IP working at all, so I used one already on the RAQ and ended up deleting and reworking some DNS records, trying reverse PTR. Trying the firewall script.

Finally, I thought I had everything working, but found this in the logs indicating there was likely still a problem with the reverse lookup:

    ns sendmail[31501]: gethostbyaddr(xxx.xxx.xxx.xxx) failed: 2,

Originally, I had noticed this entry for the new IP. Since the changes, that IP is no longer in the list, but ALL the working IPs on the box are.

Also, I noticed entries like these:

    Aug 27 01:59:49 ns kernel: Packet log: input DENY eth0 PROTO=6 203.196.157.90:62392 xxx.xxx.xxx.xxx:25 L=48 S=0x00 I=52103 F=0x4000 T=105 SYN (#603)

Now I can't ftp into the raq at any address, and am no longer receiving log reports.

When I ran chkrootkit, this is what happened:

    [root@ns chkrootkit-pre-0.36]# ./chrootkit
    sh: ./chrootkit: No such file or directory
    [root@ns chkrootkit-pre-0.36]# ./chrootkit
    sh: ./chrootkit: No such file or directory
    [root@ns chkrootkit-pre-0.36]# ./chkrootkit
    ROOTDIR is `/'

It took 3 tries! It didn't report anything found, but:

    Checking `lkm'... not tested: can't exec ./chkproc
    Checking `rexedcs'... not found
    Checking `sniffer'... not tested: can't exec ./ifpromisc
    Checking `wted'... not tested: can't exec ./chkwtmp
    Checking `z2'... not tested: can't exec ./chklastlog

Any ideas?

Thanks!
Sean

_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
