Re: Is my system compromised
On Fri, Feb 03, 2006 at 06:24:02PM +0100, Ben Meijering wrote:
[snip]
> I was looking in my /etc/rc2.d directory to see what kind of services
> were installed on my server.
>
> The contents of my rc2.d directory is as follows
>
> S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89cron
> S10sysklogd S20courier-pop S20pptpd S89watchd
> S11klogd S20courier-pop-ssl S20samba S91apache
> S14ppp S20exim S20ssh
> S91apache-ssl
> S15bind9 S20inetd S21nfs-common S99rmnologin
> S15lwresd S20lpd S23killd
> S99stop-bootlogd
> S18portmap S20makedev S50proftpd
> S19sshd S20mysql S89atd
>
> I couldn't find a man page for distwatchd and just tried to run it which
> gave the following result:
You *probably* should have less'd the file and not just executed it.
You also could send the contents of the file in question, for review.
> benspagina:/etc/rc2.d# /etc/init.d/distwatchd
>
>
> FUCK: Got signal 11 while manipulating kernel!
>
> Searching for this last sentence I found all sorts of pages talking
> about compromised servers.
>
> Is there a chance my system is compromised?
You can try tiger...
sudo apt-get update
sudo apt-get install tiger
sudo tiger
Reply to: