[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] kofa\r and kofif\r in base directory.

Subject: Re: [cobalt-users] kofa\r and kofif\r in base directory.
From: flash22@xxxxxxx
Date: Sat Feb 24 15:42:13 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Sat, 24 Feb 2001, Jim Hagani wrote:

> Feb 23 18:49:08 ns kernel: TCP: Hash tables configured (ehash 65536 bhash
> 65536
> Feb 23 18:50:09 ns PAM_pwdb[1020]: (su) session opened for user postgres by
> (uid=0)
> Feb 23 18:50:11 ns PAM_pwdb[1020]: (su) session closed for user postgres
> Feb 23 18:50:28 ns sshd2[1148]: Listener created on port 22.
> 
> I do not have a user "postgres", and it looks like someone opened a listener
> on my port 22. But I do not telnet at all. Can I add port 22 to portsentry
> list of ports to check?

Well, if you insist on fixing it ;) possibly a sshd started in one of
the init files, set to 'postgres' user so you won't notice....

You can't add to portsentry till you remove the sshd ,
 it already owns the port...

look in your password files, you probably have
some interesting changes there too ;0

(not to mention the rest of the filesystem....)

at least get chkrootkit , it's a small start....

gsh

Follow-Ups:
- Re: [cobalt-users] kofa\r and kofif\r in base directory.
  - From: Jim Hagani

References:
- Re: [cobalt-users] kofa\r and kofif\r in base directory.
  - From: Jim Hagani

Prev by Date: RE: [cobalt-users] Using a RaQ as a Host
Next by Date: RE: [cobalt-users] Real Time Log Traffic Analyzer-ntop
Previous by thread: RE: [cobalt-users] Control Panel
Next by thread: Re: [cobalt-users] kofa\r and kofif\r in base directory.

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index