Re: Is my system compromised

[Hugo Vanwoerkom <hvw59601@care2.com>]

Gene Heskett wrote:
> On Friday 03 February 2006 12:24, Ben Meijering wrote:
> > Hi,
> >
> > I am kindy new to using Debian and was wondering if anyone could help
> > me.
> > I was looking in my /etc/rc2.d directory to see what kind of services
> > were installed on my server.
> >
> > The contents of my rc2.d directory is as follows
> >
> > S10distwatchd  S20courier-authdaemon  S20nfs-kernel-server  S89cron
> > S10sysklogd    S20courier-pop         S20pptpd              S89watchd
> > S11klogd       S20courier-pop-ssl     S20samba              S91apache
> > S14ppp         S20exim                S20ssh
> > S91apache-ssl
> > S15bind9       S20inetd               S21nfs-common        
> > S99rmnologin S15lwresd      S20lpd                 S23killd
> > S99stop-bootlogd
> > S18portmap     S20makedev             S50proftpd
> > S19sshd        S20mysql               S89atd
> >
> > I couldn't find a man page for distwatchd and just tried to run it
> > which gave the following result :
> >
> > benspagina:/etc/rc2.d# /etc/init.d/distwatchd
> >
> >
> > FUCK: Got signal 11 while manipulating kernel!
> >
> > Searching for this last sentence I found all sorts of pages talking
> > about compromised servers.
> > So I downloaded chkrootkit, but this said my system was clean.
> >
> > Is there a chance my system is compromised?
>
> I'd have my doubts although chkrootkit is getting a bit long in the 
> tooth now.  I'd druther think distwatchd might not be properly 
> configured.

But how come I find no google hits at all for distwatchd?

H