Re: [cobalt-users] Hacked?? Help!!
- Subject: Re: [cobalt-users] Hacked?? Help!!
- From: Wayne Sagar <wsagar@xxxxxxxx>
- Date: Wed Apr 18 16:12:09 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi Gerald,
>The .s.PGSQL.5583 is normal. Cobalt uses postgreSQL, so don't let that
>worry you. These files are really in /home/tmp, /tmp is a ln
>mysql and php also use this directory.
>So, I think that is normal.
>Maybe it was active monitor, that was connected, although I think that
>normally is in the log-files.
Bad night for the list archives to be down! I know the postgreSQL is
supposed to be in there but there is, I believe, something going on anyway..
For sure something is going on.. what, I'm not sure... but I did just
happen to manage to pick the right time to log in and do a netstat and see
the telnet user connected.. whoever it was bailed as soon as I logged in..
but they were in there..
Now my logcheck report shows an su login by user name postgres.. This is
what worries me.. I've never seen this entry before and I do check every
report that comes in... Is postgres supposed to be a user with su privileges?
So now.. how to find the "phantom" telnet server... Sometimes stuff like
this makes one wonder if all this is worth the effort....
gaaa!!!
Wayne