[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] HaQ'd? Or not? Lion tracks...

Subject: RE: [cobalt-users] HaQ'd? Or not? Lion tracks...
From: "Jay Jennings" <jennings@xxxxxxxxxx>
Date: Thu Apr 5 03:25:01 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> - root's crontab has a line to run /usr/sbin/init every 5 minutes
> - there is a /usr/sbin/init file (normally isn't)
> - Do a search for files owned by group 'wheel' (infected files if
> got in via
> named)
> - /usr/bin/xcat (old /bin/login)
> - /bin/login is chattr +i'd (use lsattr to list attributes)
> - file called /etc/named/a that is a little script
> - turn off named, and run: netstat -tan |grep LISTEN .. if you see port 53
> still open, it's bad.. heh..

Okay, all that stuff came up negative, so I guess I'll assume I wasn't
successfully HaQ'd this time. But I'll keep an eye on things for a while...
:)

 ..jj..

References:
- RE: [cobalt-users] HaQ'd? Or not? Lion tracks...
  - From: Kennedy, Robert

Prev by Date: Re: [cobalt-users] problems with Qube3 (was Macintosh, AppleShare IP Users)
Next by Date: Re: [cobalt-users] One FTP user, access to selected virtual-sites-OOPS
Previous by thread: RE: [cobalt-users] HaQ'd? Or not? Lion tracks...
Next by thread: [cobalt-users] RE: RE: how to attach the signature for all outgoing mail

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index