Re: Is my system compromised
On Friday 03 February 2006 13:24, Hugo Vanwoerkom wrote:
>Gene Heskett wrote:
>> On Friday 03 February 2006 12:24, Ben Meijering wrote:
>>> I am kindy new to using Debian and was wondering if anyone could
>>> help me.
>>> I was looking in my /etc/rc2.d directory to see what kind of
>>> services were installed on my server.
>>> The contents of my rc2.d directory is as follows
>>> S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89cron
>>> S10sysklogd S20courier-pop S20pptpd
>>> S89watchd S11klogd S20courier-pop-ssl S20samba
>>> S91apache S14ppp S20exim S20ssh
>>> S15bind9 S20inetd S21nfs-common
>>> S99rmnologin S15lwresd S20lpd S23killd
>>> S18portmap S20makedev S50proftpd
>>> S19sshd S20mysql S89atd
>>> I couldn't find a man page for distwatchd and just tried to run it
>>> which gave the following result :
>>> benspagina:/etc/rc2.d# /etc/init.d/distwatchd
>>> FUCK: Got signal 11 while manipulating kernel!
>>> Searching for this last sentence I found all sorts of pages talking
>>> about compromised servers.
>>> So I downloaded chkrootkit, but this said my system was clean.
>>> Is there a chance my system is compromised?
>> I'd have my doubts although chkrootkit is getting a bit long in the
>> tooth now. I'd druther think distwatchd might not be properly
>But how come I find no google hits at all for distwatchd?
Dunno, but I think we've just made one. :) I'll bow out because I
suspect this is a debian only issue, that someone more fam with debian
attempt to answer with authority.
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.