Re: Is my system compromised
On Friday 03 February 2006 13:24, Hugo Vanwoerkom wrote:
>Gene Heskett wrote:
>> On Friday 03 February 2006 12:24, Ben Meijering wrote:
>>> Hi,
>>>
>>> I am kindy new to using Debian and was wondering if anyone could
>>> help me.
>>> I was looking in my /etc/rc2.d directory to see what kind of
>>> services were installed on my server.
>>>
>>> The contents of my rc2.d directory is as follows
>>>
>>> S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89cron
>>> S10sysklogd S20courier-pop S20pptpd
>>> S89watchd S11klogd S20courier-pop-ssl S20samba
>>> S91apache S14ppp S20exim S20ssh
>>> S91apache-ssl
>>> S15bind9 S20inetd S21nfs-common
>>> S99rmnologin S15lwresd S20lpd S23killd
>>> S99stop-bootlogd
>>> S18portmap S20makedev S50proftpd
>>> S19sshd S20mysql S89atd
>>>
>>> I couldn't find a man page for distwatchd and just tried to run it
>>> which gave the following result :
>>>
>>> benspagina:/etc/rc2.d# /etc/init.d/distwatchd
>>>
>>>
>>> FUCK: Got signal 11 while manipulating kernel!
>>>
>>> Searching for this last sentence I found all sorts of pages talking
>>> about compromised servers.
>>> So I downloaded chkrootkit, but this said my system was clean.
>>>
>>> Is there a chance my system is compromised?
>>
>> I'd have my doubts although chkrootkit is getting a bit long in the
>> tooth now. I'd druther think distwatchd might not be properly
>> configured.
>
>But how come I find no google hits at all for distwatchd?
>
Dunno, but I think we've just made one. :) I'll bow out because I
suspect this is a debian only issue, that someone more fam with debian
attempt to answer with authority.
>H
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Reply to: