On Mon, 25 Aug 2003, Swapana Ghosh wrote: > > Hi > > Thanks a lot for all of your answers ... > > >>There's a good possibility that while using telnet > instead of ssh that > >>your root password has been sniffed and the box has > been compromised. > >>You may want to consider using an intrusion > detection system such as > >>Tripwire to be able to monitor file changes, and > never ever use telnet > >>anywhere except on a protected lan. Do you have any > way of verifying the > >>system integrity now? > > > This is not our sever.. It is one of our clinet's...We > have asked several > times but he will use *telnet*... > > I have nothing to verify - but just came to know that > from the client's side somebody > was trying to change the /etc/passwd file and after > that it started behaving like > this...I myself is not too experienced in the Sysadmin > area...so need help.. > > If you all can advice me what to check and where, it > will be helpful... I am already > compamring though with the files like sudo, su with > our existing server , which > has same type of configuration....
Today is the day that your client learns their lesson, and restores from backups, because they were compromised for being stupid. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Lonni J Friedman [EMAIL PROTECTED] Linux Step-by-step & TyGeMo http://netllama.ipfox.com _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
