
Re: Is my system compromised

On Friday 03 February 2006 13:24, Hugo Vanwoerkom wrote:
>Gene Heskett wrote:
>> On Friday 03 February 2006 12:24, Ben Meijering wrote:
>>> Hi,
>>> I am kinda new to using Debian and was wondering if anyone could
>>> help me.
>>> I was looking in my /etc/rc2.d directory to see what kind of
>>> services were installed on my server.
>>> The contents of my rc2.d directory are as follows:
>>> S10distwatchd  S20courier-authdaemon  S20nfs-kernel-server  S89cron
>>> S10sysklogd    S20courier-pop         S20pptpd              S89watchd
>>> S11klogd       S20courier-pop-ssl     S20samba              S91apache
>>> S14ppp         S20exim                S20ssh                S91apache-ssl
>>> S15bind9       S20inetd               S21nfs-common         S99rmnologin
>>> S15lwresd      S20lpd                 S23killd              S99stop-bootlogd
>>> S18portmap     S20makedev             S50proftpd
>>> S19sshd        S20mysql               S89atd
>>> I couldn't find a man page for distwatchd and just tried to run it
>>> which gave the following result :
>>> benspagina:/etc/rc2.d# /etc/init.d/distwatchd
>>> FUCK: Got signal 11 while manipulating kernel!
>>> Searching for this last sentence I found all sorts of pages talking
>>> about compromised servers.
>>> So I downloaded chkrootkit, but this said my system was clean.
>>> Is there a chance my system is compromised?
>> I'd have my doubts although chkrootkit is getting a bit long in the
>> tooth now.  I'd druther think distwatchd might not be properly
>> configured.
>But how come I find no google hits at all for distwatchd?
Dunno, but I think we've just made one. :)  I'll bow out because I
suspect this is a Debian-only issue that someone more familiar with Debian
should attempt to answer with authority.


Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules.  I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
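
A check that fits the question raised in this thread, added here as an example and not part of any poster's message: for every start link in a runlevel directory, ask the package manager whether any installed package owns the init script it points to. The function names and the OWNER_CHECK variable are this example's own; `dpkg -S` is the Debian command that looks up the owning package of a path.

```shell
#!/bin/sh
# Added example: flag runlevel start links whose init script no package owns.
# OWNER_CHECK is an assumption of this example: a command that exits 0 when
# the path given as its last argument belongs to an installed package.
OWNER_CHECK=${OWNER_CHECK:-dpkg -S}

# audit_rc_dir DIR
# Prints one line per S* link: status ("owned", "unowned" or "dangling"),
# the link name and, where it resolves, the script it points to.
audit_rc_dir() {
    for link in "$1"/S*; do
        # An empty directory leaves the glob unexpanded; skip that case.
        [ -e "$link" ] || [ -L "$link" ] || continue
        name=${link##*/}
        target=$(readlink -f "$link" 2>/dev/null) || target=
        if [ -z "$target" ] || [ ! -e "$target" ]; then
            printf 'dangling %s\n' "$name"
        elif $OWNER_CHECK "$target" >/dev/null 2>&1; then
            printf 'owned    %s -> %s\n' "$name" "$target"
        else
            printf 'unowned  %s -> %s\n' "$name" "$target"
        fi
    done
}

# unowned_links DIR
# Prints only the link names that deserve a closer look.
unowned_links() {
    audit_rc_dir "$1" | awk '$1 != "owned" { print $2 }'
}

# When a directory is passed on the command line, audit it,
# e.g.  sh audit.sh /etc/rc2.d
if [ "$#" -gt 0 ]; then
    audit_rc_dir "$1"
fi
```

An "unowned" entry is a lead to investigate, not a verdict, since locally written init scripts are unowned too. The result is also only as trustworthy as the package database and tools on the machine being checked, so on a suspect host run it from known-good media.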
