
Re: logcheck gaps in time



hi ya jiji

> - rebooted which should take care of cron / syslogd / logcheck.sh not running
> - apt-get --reinstall install logcheck just in case 
> - hacker? that is my fear.  How can I find evidence that the @#$@ is in there?

-- what changed since the last time logcheck was working...
	- maybe something broke or something got installed differently/wrong ???

otherwise... look for directories/files you don't recognize...

simple/silly/stupid/fast test is:

     find / -mtime -4 -ls | grep -v /proc

	- changes in the last 4 days.... 

you should be able to recognize all files/directories listed ...

if you have a deb db or tripwire running, that would make it easier
to check ... i donno the deb-way...

if it's NOT a hacker and you didn't find any unknown/modified files...
	- you could have a really good hacker/cracker in there..

	- you could have found a bug in logcheck or something ???

- if you don't mind.. you can post the list of "unknown files"...maybe
  someone will recognize it as being the culprit of your logcheck
  symptoms

c ya
alvin
 
> On Mon, Jun 04, 2001 at 03:24:05PM -0700, Alvin Oga wrote:
> > 
> > hi jiji
> > 
> > you probably have a problem with:
> > 	- check cron ( restart it even if it's running )
> > 	- check syslogd ( restart it even if it's running )
> > 	- run logcheck.sh manually and see if that reports your status
> > 	  since the last time
> > 
> > 	- what happened since the June 1st...you get any posts/reports
> >  	  from logcheck
> > 
> > - you have a hacker/cracker that is updating/erasing your log files
> >   trying to hide themself
> > 
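
The "deb-way" check mentioned in the message above, as an added example that is not part of the original post: it repeats the `find -mtime` test and splits the hits by whether an installed package claims the file in `/var/lib/dpkg/info/*.list`. The function name `recent_changes` and its arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify recently modified files by Debian package ownership.
# recent_changes ROOT DAYS [INFO_DIR]
#   INFO_DIR defaults to /var/lib/dpkg/info, where each installed package
#   keeps a <package>.list manifest with one owned path per line.
recent_changes() {
    root=$1; days=$2; info=${3:-/var/lib/dpkg/info}
    owned=$(mktemp) || return 1
    recent=$(mktemp) || { rm -f "$owned"; return 1; }

    # All paths claimed by installed packages (comm needs sorted input).
    cat "$info"/*.list 2>/dev/null | LC_ALL=C sort -u > "$owned"

    # Same test as "find / -mtime -N", but /proc and /sys are pruned
    # instead of grepped out (grep -v /proc also hides any other path
    # that merely contains "/proc"), and only regular files are listed.
    find "$root" \( -path /proc -o -path /sys \) -prune -o \
        -type f -mtime "-$days" -print 2>/dev/null |
        LC_ALL=C sort -u > "$recent"

    # unowned: no package claims the file, so review each one by hand.
    LC_ALL=C comm -23 "$recent" "$owned" | sed 's/^/unowned /'
    # owned: package file that changed recently; check it against the
    # packaged checksums, since an upgrade and a replaced binary look alike.
    LC_ALL=C comm -12 "$recent" "$owned" | sed 's/^/owned /'

    rm -f "$owned" "$recent"
}

# Typical call, as root:  recent_changes / 4
```

Files reported as `owned` can then be compared against the packaged checksums with `debsums` or `dpkg --verify`.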


