Here it is... I see that named opens the port 953, I do not believe this could be an issue... PORT STATE SERVICE 25/tcp open smtp 53/tcp open domain 80/tcp open http 110/tcp open pop3 143/tcp open imap 443/tcp open https 953/tcp open rndc 993/tcp open imaps 995/tcp open pop3s ________________________________________ From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Marc M Sent: Friday, September 09, 2005 11:16 AM To: For users of Fedora Core releases Subject: Re: Have I been hacked? Shadow file deleted What about nmap, maybe it could at least give you a port to investigate nmap -p 1-65535 localhost Marc On 9/9/05, Jose Luis Hime <jhime@xxxxxxxxxxxxxx> wrote: chkrootkit and rkhunter do not report any problem. I am still with this issue, any hints? Thanks, J. Hime ________________________________________ From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Marc M Sent: Thursday, September 08, 2005 5:00 PM To: For users of Fedora Core releases Subject: Re: Have I been hacked? Shadow file deleted Try running chkrootkit and rkhunter On 9/8/05, STYMA, ROBERT E (ROBERT) <stymar@xxxxxxxxxx> wrote: > > Hello, > > I installed a new server on Tuesday using Fedora Core 4 and > today the shadow > file was deleted three times. Since nothing was being done on > the box at > those times, I believe I was hacked. > Since it is a new install, I would look into running the badblocks command just to be safe.There is always the chance something is wrong with the disk where the inode for the shadow file is stored.This is a long shot, but easy to do. Bob Styma -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
