
Re: Is my system compromised



Ben Meijering wrote:
Hi,

I am kind of new to using Debian and was wondering if anyone could help me.

I was looking in my /etc/rc2.d directory to see what kind of services were installed on my server.

The contents of my rc2.d directory are as follows:

S10distwatchd  S20courier-authdaemon  S20nfs-kernel-server  S89cron
S10sysklogd    S20courier-pop         S20pptpd              S89watchd
S11klogd       S20courier-pop-ssl     S20samba              S91apache
S14ppp         S20exim                S20ssh                S91apache-ssl
S15bind9       S20inetd               S21nfs-common         S99rmnologin
S15lwresd      S20lpd                 S23killd              S99stop-bootlogd
S18portmap     S20makedev             S50proftpd
S19sshd        S20mysql               S89atd

I couldn’t find a man page for distwatchd and just tried to run it, which gave the following result:

benspagina:/etc/rc2.d# /etc/init.d/distwatchd

FUCK: Got signal 11 while manipulating kernel!

Searching for this last sentence I found all sorts of pages talking about compromised servers.

So I downloaded chkrootkit, but this said my system was clean.

Is there a chance my system is compromised?



You did not mention what you are running.
Are you updating your system with the security updates?
Do you run a firewall?

H
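
Added example, not part of the original thread: one way to triage a runlevel directory like the one listed above is to resolve each start link and ask the package manager whether any installed package owns the target script. The function name and the second argument (an override for the ownership lookup, used for testing without dpkg) are assumptions of this example; the default lookup is `dpkg -S`.

```shell
#!/bin/sh
# List start links (S*) in an rc directory whose target init script is not
# owned by any installed package. An unowned script is a lead to investigate,
# not proof of compromise: locally written init scripts are also unowned.
#
# $1 = rc directory, e.g. /etc/rc2.d
# $2 = ownership lookup command (hypothetical override hook for this example);
#      defaults to `dpkg -S`, which exits non-zero when no package owns a path.
#
# Usage: unowned_rc_links /etc/rc2.d
unowned_rc_links() {
    rc_dir=$1
    owner_cmd=${2:-dpkg -S}
    for link in "$rc_dir"/S*; do
        # Skip the literal pattern when the directory has no S* entries.
        [ -e "$link" ] || [ -L "$link" ] || continue
        # Resolve the symlink so the lookup sees the real script path.
        target=$(readlink -f "$link") || target=$link
        # $owner_cmd is intentionally unquoted so "dpkg -S" splits into words.
        if ! $owner_cmd "$target" >/dev/null 2>&1; then
            printf '%s -> %s\n' "${link##*/}" "$target"
        fi
    done
}
```

If the system is suspected of being compromised, run this from trusted rescue media against the mounted disk, since the installed dpkg and its database cannot be trusted either.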























