On Saturday 20 October 2007, bob.smith@xxxxxxxxxxx wrote: >Gene Heskett <gene.heskett@xxxxxxxxxxx> kirjoitti: >> On Saturday 20 October 2007, bob.smith@xxxxxxxxxxx wrote: >> >Manuel Arostegui Ramirez <manuel@xxxxxxxxxxxxxx> kirjoitti: >> >> El Sábado, 20 de Octubre de 2007 18:42, bob.smith@xxxxxxxxxxx escribió: >> >> > here ls -laR /tmp >> >> >> >> Seems to me you're ignoring my other suggestions...such as tell us what >> >> the hell make you think you've been visited by a hacker... >> >> Keep hiding us the basic information and the whole history of what >> >> happened to your system and you'll realised how this thread is sent to >> >> /dev/null >> >> >> >> Manuel. >> >> -- >> >> Manuel Arostegui Ramirez. >> >> >> >> Electronic Mail is not secure, may not be read every day, and should >> >> not be used for urgent or sensitive issues. >> >> >> >> -- >> >> fedora-list mailing list >> >> fedora-list@xxxxxxxxxx >> >> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list >> > >> >these are a mentioned in rkhunter: >> > >> >[19:20:07] /usr/bin/groups [ Warning ] >> >[19:20:07] Warning: The command '/usr/bin/groups' has been replaced by a >> > script: /usr/bin/groups: Bourne shell script text executable [[19:20:08] >> > /usr/bin/ldd [ Warning ] [19:20:08] >> > Warning: The command '/usr/bin/ldd' has been replaced by a script: >> > /usr/bin/ldd: Bourne shell script text executable [[19:20:11] >> > /usr/bin/whatis [ Warning ] [19:20:11] >> > Warning: The command '/usr/bin/whatis' has been replaced by a script: >> > /usr/bin/whatis: Bourne shell script text executable [[19:20:12] >> > Warning: The command '/sbin/ifdown' has been replaced by a script: >> > /sbin/ifdown: Bourne-Again shell script text executable [19:20:12] >> > /sbin/ifup [ Warning ] [19:20:12] Warning: The command '/sbin/ifup' has >> > been replaced by a script: /sbin/ifup: Bourne-Again shell script text >> > executable [19:20:52] Info: Rkhunter option ALLOW_SSH_ROOT_USER set to >> > 'no'. >> >[19:20:52] Checking if SSH root access is allowed [ Warning ] >> >[19:20:52] Warning: The SSH configuration option 'PermitRootLogin' has >> > not been set. The default value may be 'yes', to allow root access. [ >> >is this normal on FC6? >> > >> >-- >> >> Apparently so, that is what I get here, they are scripts. FC6 too. >> >> -- >> Cheers, Gene >> "There are four boxes to be used in defense of liberty: >> soap, ballot, jury, and ammo. Please use in that order." >> -Ed Howdershelt (Author) >> Lackland's Laws: >> (1) Never be first. >> (2) Never be last. >> (3) Never volunteer for anything > >thank's, appears normal then, >do you have any information about how a tmp directory shoud look like under > "normal" circumstances? > Not really, because every boxes usage varies. >(this box has mysql(not running at the time of ls -laR, tomcat(not running > right now), apache(not running right now). One user logged on (inetd off, > xinetd off, no sshd, no ftp, in other words the bare minimum to run a box > and gui) I don't run a lot of firewall stuffs on this box, I largely depend on another old box with 3 nics in it, running the latest registered dd-wrt built for x86. Best kept firewall/router secret in the business AFAIC. And I haven't been touched but 3 times in 4 years of a 24/7 dsl hookup. They made it to the log from iptables on a box I did use for that but haven't booted in a year now. And that's as far as they got before I simply disappeared from their view of the net. portsentry, iptables and tcpwrapper can make a pretty bulletproof system s you don't have to worry about it. But dd-wrt beats that IMO. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) "I'm a bastard, and proud of it !" - Linus Torvalds
