similar to: Kernel modules listing

that only works when you are presuming that the host was not hacked already because i would clear those logs when i hacked a system :) but indeed it's a try, If you remain unsure, it is best to reinstall the system to be sure that a fresh and newly updated (yeah update it when installed :)) system is not compromised at that time.. loads of work, but it gives you some relief to know that

Also, try doing 'who /etc' or any other directory. -----Original Message----- From: Mike Jakubik [mailto:mikej@trigger.net] Sent: Friday, July 04, 2003 1:23 PM To: Stable Subject: RE: who am i root@ns1:~# who am i root ttyp1 Jul 4 13:20 (wettoast.org) root@ns1:~# login login: wettoast Password: Last login: Fri Jul 4 09:48:25 on ttyp1 Copyright (c) 1980, 1983, 1986,

Yeah but if you are uncertain about your own box my VERY STRONG advise is that you reinstall. IF your host is indeed owned, then you are a lot further away then just reinstalling, god knows what issues can arrise when a cracker exploits the system to do bogus tasks.. Then i say: Too bad for your time, sorry but it's like that -- Kind regards, Remko Lodder Elvandar.org/DSINet.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-06:01.texindex Security Advisory The FreeBSD Project Topic: Texindex temporary file privilege escalation Category: contrib Module: texinfo

This is.... odd. We're seeing a *lot* of sshd[8400]: Timeout, client not responding. So I'm trying to find out whose client is having issues. Trying to figure that, after processes are gone, I tried looking in lastlog, which is where it gets odd. lastlog shows root coming in, and it shows a security account coming in... years ago. I see one of our users logging in a goodly number of

https://bugzilla.mindrot.org/show_bug.cgi?id=1774 Summary: wtmp and lastlog on AIX Product: Portable OpenSSH Version: 5.5p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org ReportedBy: defrayable at

I've noticed rather strange wtmp logging behavior in sshd. Can anyone confirm or solve the following: Once a user authenticates themself to sshd, sshd among other things records the login in the wtmp, which `last` reads. However, sshd logs hostnames which are longer than 16 characters instead of IPs like normal programs would. As a result, I have useless entries such as: tempest

The new login code works fine with AIX 4.3. Two nits, though. If --disable-lastlog is defined, the code still tries to slog through wtmp to determine the last login time. Is this a bug or a feature? If a feature, change the DISABLE_LASTLOG test below to WITH_AIXAUTHENTICATE. Also, a small typo in configure.in, plus an AIX tweak. --- configure.in.orig Thu Jun 8 21:58:35 2000 +++ configure.in Mon

Hi, I found a bug in all versions of SSH. I'll give you an example when the bug occurs. When I connect to a remote computer using 'ssh user at host.somewhere.in.th.net.com /bin/bash' (or /bin/tcsh) I log into the remote computer and SSHD doesn't log this in wtmp,utmp,secure and lastlog. It's *only* visible in /var/log/messages. That's all I want to tell You. I hope

Hi, A lot of the problems with openssh portability so far appear to be with the login record functionality, i.e. lastlog support, and variations on handling utmp vs. utmpx etc. Looking at for-profit SSH 1.2.27, login.c is rather embarassing spaghetti code, so laden with '#ifdef's it's almost impossible to read. OpenSSH's code isn't anything like that, but then it doesn't

Hi all, please, tell me about security of Darkstat. Is it good idea to install it on firewall/gateway ? I'd like to measure our company traffic, but I do not have Apache running on the gateway. How could I redirect Darkstat's output to web-server inside company ? Or is there some other tool, which can measure in/out traffic and send output to another machine ? I know MRTG, but it uses

Hello, I just installed the above openssh onto a Sun Solaris 7 and Solaris 8 system. No problem with that. However, I now seem to get some rubbish processed when I login with slogin. An example: Last login: Tue Jun 13 12:31:27 2000 from jhorne.csd.plymo:tJ` ^[[?1;2c Telnet logs in okay, but just shows 'Last login...jhorne.csd.plymo'. This seems to get passed to the shell, which it of

Hello, already checked the Mailinglist archive for HPUX Problems, but havent found exact this: ./configure --prefix=/opt --without-pam --with-ssl-dir=/opt/OpenSSL --with-lastlog=/var/adm/wtmp --with-egd-pool=/dev/entropy --with-tcp-wrappers --with-pid-dir=/var/run --sysconfdir=/etc/ssh and get after a make: gcc -O2 -Wall -D_HPUX_SOURCE -I/usr/local/include -I/opt/include

Hi all! wtmp entries are generated when loggin into a system without a command, e.g. "ssh -l user system". When using an additional command executed by ssh on the "other side", no wtmp entry will be generated. So the command "ssh -l user system /bin/csh" will not generate a wtmp entry but the user is logged in ... I have the problem right know. The users are starting

Greetings, I am seeing strange entries when i perform "last -20" for example. Here's a sample output becuase I can not seem to make any sense out of this in the last two days and can't find any information online. Any help is appreciated. 0 F=?Bttyp Wed Dec 31 16:00 still logged in 0 6??Bttyp Wed Dec 31 16:00

Hi all again, I must add, there are no log entries after June 9, 2004. "LKM" message first apeared June 8, 2004, after this day, there is nothing in /var/messages, /var/security ..... How could I look for suspicious LKM module ? How could I find it, if the machine is hacked and I can not believe "ls", "find" etc. commands ? Peter Rosa

There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

https://bugzilla.mindrot.org/show_bug.cgi?id=2499 Bug ID: 2499 Summary: It would be nice to have a tool to manage ssh connections Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: sshd

Hi all, I'm just setup a new freebsd to be a ftp server. ftp-ing from localhost was success, but when i was trying to ftp from other ip, got result "Connection closed by remote host." Kernel already configure with firewall (with options FIREWALL_DEFAULT_TO_ACCEPT). rc.conf file already contain "firewall_type=open". What could be the problem? I can seem to solve this