Re: Is my system compromised
On Fri, 03 Feb 2006 13:17:52 -0500
Gene Heskett <gene.heskett@verizon.net> wrote:
> On Friday 03 February 2006 12:24, Ben Meijering wrote:
> >Hi,
> >
> >I am kinda new to using Debian and was wondering if anyone could help
> >me.
> >I was looking in my /etc/rc2.d directory to see what kind of services
> >were installed on my server.
> >
> >The contents of my rc2.d directory are as follows:
> >
> >S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89cron
> >S10sysklogd S20courier-pop S20pptpd S89watchd
> >S11klogd S20courier-pop-ssl S20samba S91apache
> >S14ppp S20exim S20ssh
> >S91apache-ssl
> >S15bind9 S20inetd S21nfs-common
> > S99rmnologin S15lwresd S20lpd S23killd
> >S99stop-bootlogd
> >S18portmap S20makedev S50proftpd
> >S19sshd S20mysql S89atd
> >
> >I couldn't find a man page for distwatchd and just tried to run it,
> >which gave the following result:
> >
> >benspagina:/etc/rc2.d# /etc/init.d/distwatchd
> >
> >
> >FUCK: Got signal 11 while manipulating kernel!
> >
> >Searching for this last sentence I found all sorts of pages talking
> >about compromised servers.
> >So I downloaded chkrootkit, but this said my system was clean.
> >
> >Is there a chance my system is compromised?
>
> I'd have my doubts although chkrootkit is getting a bit long in the
> tooth now. I'd druther think distwatchd might not be properly
> configured.
A quick google on 'distwatchd' has NO hits.
'distwatch' seems to be about www.distwatch.com.
You might want to have a look at that script...
Andrei
--
If you can't explain it simply, you don't understand it well enough. (Albert Einstein)
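
A companion to the advice above to look at the script, added here as an example and not part of the original thread: it walks a runlevel directory such as /etc/rc2.d, resolves each start link to its init script, and reports scripts that no installed package owns. The function name and the `OWNER_CHECK` variable are this example's own; `dpkg -S` is the standard Debian command for finding the package that owns a path.

```shell
#!/bin/sh
# Added example: report start links in a SysV runlevel directory whose target
# script does not belong to any installed package.
#
# OWNER_CHECK is an assumption of this example: a command that exits 0 when
# the path given as its argument is owned by a package. On Debian that is
# "dpkg -S"; it can be overridden for other systems or for testing.
OWNER_CHECK=${OWNER_CHECK:-"dpkg -S"}

unowned_rc_scripts() {
    rcdir=$1
    for link in "$rcdir"/S*; do
        # Skip the literal pattern when the directory has no S* entries.
        [ -e "$link" ] || [ -L "$link" ] || continue

        # Start links normally point at ../init.d/<name>; resolve to the file.
        target=$(readlink -f "$link" 2>/dev/null) || target=
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            echo "DANGLING $link"
            continue
        fi

        # A script no package claims is the one to read first.
        if ! $OWNER_CHECK "$target" >/dev/null 2>&1; then
            echo "UNOWNED $link -> $target"
        fi
    done
}

# Stand-alone use: sh check_rc.sh /etc/rc2.d
[ "$#" -eq 0 ] || unowned_rc_scripts "$1"
```

An UNOWNED line is not proof of compromise, since locally written init scripts are also unpackaged, but it narrows down which files to read. The answer is only as trustworthy as the dpkg database and binaries on the system being checked.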