Podozrenie z utoku ?
Juraj Hajka
jhajka na pal-inalfa.sk
Úterý Srpen 22 15:03:15 CEST 2000
Mam podozrenie z utoku na server s Redhat 6.2
Zistenie. Nieje mozne pouzivat sluzby samba a ftp. ( povodne som si myslel
ze je chyba vo wu-ftp ale chcel som rozchodit sambu a ta robi to iste bolo
riesene v konferencii ale bez vysledku)
Komunikacia prebehne OK. Ale nakoniec vypise po zadani hesla passwd
incorrect.
Sluzby mam spustene lokalne telnet a na Inete dns,web,mail,proxy a bolo aj
ftp.
adresar bol vytvoreny uzivatekom 711 zo skupiny users, v ktorom su dole
uvedene subory.
takeho uzivatela som vsak nikde nenasiel.
Vdaka vopred za kazdu radu.
[root na mail4 /]# ll
total 84
-rw------- 1 root root 32096 Jun 7 04:35 500
drwxr-xr-x 2 root root 2048 Jul 10 23:56 bin
drwxr-xr-x 3 root root 1024 Aug 22 10:58 boot
drwxr-xr-x 6 root root 34816 Aug 22 10:58 dev
drwxr-xr-x 37 root root 4096 Aug 22 10:58 etc
drwxr-xr-x 105 root root 4096 Aug 21 11:28 home
drwxr-xr-x 4 root root 3072 Jun 7 04:53 lib
drwxr-xr-x 2 root root 12288 Jun 20 09:39 lost+found
drwxr-xr-x 2 root root 0 Aug 22 10:58 misc
drwxr-xr-x 6 root root 1024 Oct 9 1998 mnt
drwxr-xr-x 2 root root 1024 Aug 23 1999 opt
dr-xr-xr-x 58 root root 0 Aug 22 2000 proc
drwxr-x--- 12 root root 1024 Aug 22 11:10 root
drwxr-xr-x 3 root root 3072 Jul 10 23:56 sbin
drwx------ 4 711 users 1024 Jul 10 23:56 spsn
drwxrwxrwt 4 root root 1024 Aug 22 11:34 tmp
drwxr-xr-x 22 root root 4096 Jul 31 10:19 usr
drwxr-xr-x 21 root root 1024 Aug 4 08:48 var
[root na mail4 /]# cd spsn
[root na mail4 /spsn]# ll
total 317
drwxr-xr-x 2 root root 1024 Jun 27 12:59 dev
-rwxr-xr-x 1 root root 5631 Jun 14 01:35 pg
-rwxr-xr-x 1 root root 211856 Jun 17 05:07 ssh.tgz
-rwxr-xr-x 1 root root 7382 Jul 9 19:52 t0rn
-rwxr-xr-x 1 root root 94542 May 5 22:35 tcpd.rpm
Další informace o konferenci Linux