I'm not using ftp to provide anything, merely to acquire.
both wu-ftpd and proftpd (?ftp providers?) are on my machine, but
to my knowledge I have not used them for anything. I use 'WebDownloader for X
1.16' to download files. I don't know if this is a frontend for one of the above
programs, or if it is self-sufficient with it's own security issues to bear in
mind.
Using the find command below turned up nothing that I thought looked
particularly suspect, but then I don't know what exactly I'm looking for in
the data that it produced (would it be unwise to post the output of this onto
the list?).
similarly there is nothing that looks out of the ordinary in my passwd file.
I'm not sure where else to look, for what. I guess there's only so much I can
do at this stage.
BTW, I have no use for 'news' how would I disable this, which gains su status
twice a day, although I have not configured it at all?
takcq, so much.
d.
On 20-Jul-00 [EMAIL PROTECTED] wrote:
> What version of ftp are you using wu-ftpd or proftpd or the BSD ftpd?
> Recently I remember that a vulnerablility was found in wu-ftpd that could
> allow a remote user to gain root priviledges another was also found in
> proftpd. Also remember that if you were cracked, and the user gained root
> priviledges, then he could have cleared your log files of any
> incriminating evidence. Try to find if there are any suid and sgid scripts
> left on your machine in case the cracker left a back door also look
> through your passwd file for any uid 0 accounts don't search for strings
> like :0: because he can always use :000: this is really surface because a
> good cracker would not use such obvious methods. to search for suid and
> sgid scripts use
> find / -type f \( -perm -2000 -o -perm -4000 \) -print
>
> Noah
> [EMAIL PROTECTED]
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
> the body of a message to [EMAIL PROTECTED]
> Please read the FAQ at http://www.linux-learn.org/faqs
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at http://www.linux-learn.org/faqs
