Re: [cobalt-users] POP 3 stopped suddenly
- Subject: Re: [cobalt-users] POP 3 stopped suddenly
- From: "Gilles Dumangin" <gilles_dumangin@xxxxxxxxxxx>
- Date: Mon Feb 19 02:14:17 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
/usr/sbin/in.qpopper
(it won't do anything, i just wanna see if you get an error)
[root@raq3 /]# /usr/sbin/in.qpopper
did not produce any errors
Either inetd lost this in its config, or the binary is bad; neither
should happen by itself
also try these to see if you have any of these weird files
locate crtz
locate /ava
locate adore
locate nscan
locate rpcscan
locate \.\.\.
locate security/\.c
locate /xlogin
file in.qpopper
locate \.sh$
locate scan.log
locate cleaner
[root@raq3 /]# locate crtz
[root@raq3 /]# locate /ava
/usr/share/terminfo/a/avatar0
/usr/share/terminfo/a/avatar0+
/usr/share/terminfo/a/avatar1
/usr/share/terminfo/a/avatar
[root@raq3 /]# locate adore
[root@raq3 /]# locate nscan
/usr/bin/duarawkz/dua.synscan
[root@raq3 /]# locate rpcsan
[root@raq3 /]# locate \.\.\.
[root@raq3 /]# locate security/\.c
[root@raq3 /]# locate /xlogin
[root@raq3 /]# file in.qpopper
in.qpopper: can't stat `in.qpopper' (No such file or directory).
[root@raq3 /]# locate \.sh$
[root@raq3 /]# locate scan.log
[root@raq3 /]# locate cleaner
(the following 2 should fail)
file /usr/sbin/init
file /usr/bin/ssh*
[root@raq3 /]# file /usr/sbin/init
/usr/sbin/init: can't stat `/usr/sbin/init' (No such file or directory).
[root@raq3 /]# file /usr/sbin/ssh*
/usr/sbin/ssh*: can't stat `/usr/sbin/ssh*' (No such file or directory).
(want dates)
ls -l /etc/inetd.conf
ls -l /etc/rc.d/init.d/*
(you will get a lot of stuff from that)
[root@raq3 /]# ls -l /etc/inetd.conf
-rw-r--r-- 1 root root 2927 Feb 19 07:27 /etc/inetd.conf
[root@raq3 /]# ls -l /etc/rc.d/init.d/
-rwxr-xr-x 1 root root 1439 Nov 2 1999 admserv
-rwxr-xr-x 1 root root 897 Feb 14 14:49 arkeia
-rwxr-xr-x 1 root root 1800 Nov 2 1999 atalk
-rwxr-xr-x 1 root root 1202 Nov 2 1999 bwmgmt
-rwxr-xr-x 1 root root 1031 Aug 27 1999 crond
-rwxr-xr-x 1 root root 861 Oct 27 1999 dhcpd
-rwxr-xr-x 1 root root 4704 Nov 2 1999 functions
-rwxr-xr-x 1 root root 1520 Nov 2 1999 halt
-rwxr-xr-x 1 root root 1567 Nov 2 1999 httpd
-rwxr-xr-x 1 root root 1481 Nov 2 1999 inet
-rwxr-xr-x 1 root root 446 Nov 2 1999 killall
-rwxr-xr-x 1 root root 304 Oct 9 23:33 lcd-showip
-rwxr-xr-x 1 root root 759 Oct 9 23:33 lcdsleep.init
-rwxr-xr-x 1 root root 2789 Oct 20 12:07 mysql
-rwxr-xr-x 1 root root 1573 Jan 27 10:32 named
-rwxr-xr-x 1 root root 1975 Nov 2 1999 network
-rwxr-xr-x 1 root root 898 May 9 2000 networker
-rwxr-xr-x 1 root root 2257 Jul 17 2000 nfs
-rwxr-xr-x 1 root root 708 Nov 2 1999 nfsfs
-rwxr-xr-x 1 root root 1722 Jul 17 2000 nfslock
-rwxr-xr-x 1 root root 984 Nov 2 1999 portmap
-rwxr-xr-x 1 root root 2340 Nov 2 1999 postgresql
-rwxr-xr-x 1 root root 1988 Nov 2 1999 quota
-rwxr-xr-x 1 root root 885 Nov 2 1999 random
-rwxr-xr-x 1 root root 1096 Nov 2 1999 sendmail
-rwxr-xr-x 1 root root 785 Nov 2 1999 single
-rwxr-xr-x 1 root root 460 Nov 2 1999 skeleton
-rwxr-xr-x 1 root root 881 Nov 2 1999 smb
-rwxr-xr-x 1 root root 991 Nov 2 1999 snmpd
-rwxr-xr-x 1 root root 2549 Nov 2 1999 storage
-rwxr-xr-x 1 root root 923 Oct 7 01:35 syslog
-rw-r--r-- 1 root root 923 May 15 2000 syslog.master
-rwxr-xr-x 1 root root 1625 Sep 27 22:27 ups
-rwxr-xr-x 1 root root 1103 Apr 15 1999 xntpd
grep sshd /etc/inetd.conf
grep pop /etc/inetd.conf
grep grep /sh /etc/inetd.conf
[root@raq3 /]# grep sshd /etc/inetd.conf
[root@raq3 /]# grep pop /etc/inetd.conf
[root@raq3 /]# grep grep /sh /etc/inetd.conf
grep: /sh: No such file or directory
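mail me /etc/inetd.conf, i think you got hacked (locate nscan turned up /usr/bin/duarawkz/dua.synscan, and grep pop found no entry in /etc/inetd.conf), also see if you can run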
Here is the inetd.conf
#
# inetd.conf This file describes the services that will be available
# through the INETD TCP/IP super server. To re-configure
# the running INETD process, edit this file, then send the
# INETD process a SIGHUP signal.
#
#
# Authors: Original taken from BSD UNIX 4.3/TAHOE.
# Fred N. van Kempen, <waltje@xxxxxxxxxxxxxxxxxxx>
#
# Modified for Debian Linux by Ian A. Murdock <imurdock@xxxxxxxxxxxxxxxx>
#
# Modified for RHS Linux by Marc Ewing <marc@xxxxxxxxxx>
#
# <service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
#
# Echo, discard, daytime, and chargen are used primarily for testing.
#
# To re-read this file after changes, just do a 'killall -HUP inetd'
#
#echo stream tcp nowait root internal
#echo dgram udp wait root internal
#discard stream tcp nowait root internal
#discard dgram udp wait root internal
#daytime stream tcp nowait root internal
#daytime dgram udp wait root internal
#chargen stream tcp nowait root internal
#chargen dgram udp wait root internal
#time stream tcp nowait root internal
#time dgram udp wait root internal
#
# These are standard services.
#
ftp stream tcp nowait root /usr/sbin/tcpd in.proftpd
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
#
# Shell, login, exec, comsat and talk are BSD protocols.
#
#shell stream tcp nowait root /usr/sbin/tcpd in.rshd
#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
#exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
#comsat dgram udp wait root /usr/sbin/tcpd in.comsat
#talk dgram udp wait root /usr/sbin/tcpd in.talkd
#ntalk dgram udp wait root /usr/sbin/tcpd in.ntalkd
#dtalk stream tcp waut nobody /usr/sbin/tcpd in.dtalkd
#
# Pop and imap mail services et al
#
imap stream tcp nowait root /usr/sbin/tcpd imapd
#
# The Internet UUCP service.
#
#uucp stream tcp nowait uucp /usr/sbin/tcpd /usr/lib/uucp/uucico -l
#
# Tftp service is provided primarily for booting. Most sites
# run this only on machines acting as "boot servers." Do not uncomment
# this unless you *need* it.
#
#tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
#bootps dgram udp wait root /usr/sbin/tcpd bootpd
#
# Finger, systat and netstat give out user information which may be
# valuable to potential "system crackers." Many sites choose to disable
# some or all of these services to improve security.
#
#finger stream tcp nowait root /usr/sbin/tcpd in.fingerd
#cfinger stream tcp nowait root /usr/sbin/tcpd in.cfingerd
#systat stream tcp nowait guest /usr/sbin/tcpd /bin/ps -auwwx
#netstat stream tcp nowait guest /usr/sbin/tcpd /bin/netstat -f inet
#
# Authentication
#
#auth stream tcp nowait nobody /usr/sbin/in.identd in.identd -l
-e -o
#
# End of inetd.conf
#swat stream tcp nowait.400 root /usr/sbin/swat swat
#interserver stream tcp nowait.100 root /usr/interclient/bin/interserver
interserver
interserver stream tcp nowait root /usr/interclient/bin/interserver
interserver
Thanks a lot for your help