[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Is my system compromised

On Fri, 03 Feb 2006 13:17:52 -0500
Gene Heskett <gene.heskett@verizon.net> wrote:

> On Friday 03 February 2006 12:24, Ben Meijering wrote:
> >Hi,
> >
> >I am kindy new to using Debian and was wondering if anyone could help
> >me.
> >I was looking in my /etc/rc2.d directory to see what kind of services
> >were installed on my server.
> >
> >The contents of my rc2.d directory is as follows
> >
> >S10distwatchd  S20courier-authdaemon  S20nfs-kernel-server  S89cron
> >S10sysklogd    S20courier-pop         S20pptpd              S89watchd
> >S11klogd       S20courier-pop-ssl     S20samba              S91apache
> >S14ppp         S20exim                S20ssh
> >S91apache-ssl
> >S15bind9       S20inetd               S21nfs-common        
> > S99rmnologin S15lwresd      S20lpd                 S23killd
> >S99stop-bootlogd
> >S18portmap     S20makedev             S50proftpd
> >S19sshd        S20mysql               S89atd
> >
> >I couldn't find a man page for distwatchd and just tried to run it
> > which gave the following result :
> >
> >benspagina:/etc/rc2.d# /etc/init.d/distwatchd
> >
> >
> >FUCK: Got signal 11 while manipulating kernel!
> >
> >Searching for this last sentence I found all sorts of pages talking
> >about compromised servers.
> >So I downloaded chkrootkit, but this said my system was clean.
> >
> >Is there a chance my system is compromised?
> 
> I'd have my doubts although chkrootkit is getting a bit long in the 
> tooth now.  I'd druther think distwatchd might not be properly 
> configured.

A quick google on 'distwatchd' has NO hits
'distwatch' seems to be about www.distwatch.com

You might want to have a look at that script...

Andrei
-- 
If you can't explain it simply, you don't understand it well enough. (Albert Einstein)
Reply to: