Re: [cobalt-users] Syslogd in Sbin shows system file and with 0 bytes ?
- Subject: Re: [cobalt-users] Syslogd in Sbin shows system file and with 0 bytes ?
- From: "Larry E. Smith" <lesmith@xxxxxxxxxxxxxx>
- Date: Wed Dec 26 06:03:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Arora,
It appears that everyone is "missing" the key element in your
posting.
> -r-sr-xr-x 1 root root 0 Dec 2 01:41 syslogd
According to this the SIZE of syslogd is ZERO - meaning there
is a 90 percent or better chance that your server has been
hacked.
Use the "lsattr" command to review the "extended" permissions
on the file /sbin/syslogd. Then you can use "chattr" to change
the "extended" permissions so you can remove the file and
replace it with a valid copy of syslogd. On my raq4 this is
what I get for an "ls -l /sbin/syslogd":
-rwxr-xr-x 1 root root 27112 Sep 26 2000 /sbin/syslogd
And this is what I get with "lsattr /sbin/syslogd":
-------- /sbin/syslogd
Meaning that there are "no" extended permissions on this file
(or should not be).
Again, I would check other things and determine if in fact
your box has been hacked....
Sorry.....
Larry Smith
SysAD ECSIS.NET
sysad@xxxxxxxxx
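
The checks described in this message, as an added example that is not part of the original post: a POSIX shell function that reports a zero-byte size, a setuid bit, and the ext2 immutable or append-only attributes on a system binary. The name check_binary is made up for this example, and the attribute check assumes lsattr from e2fsprogs is installed (it is skipped otherwise).

```shell
#!/bin/sh
# Added example (not from the thread): triage a system binary for the signs
# discussed above. check_binary is a hypothetical name.
# Prints one finding per line; prints nothing when the file looks normal.
check_binary() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing"
        return 0
    fi

    # A real daemon binary is never empty; the healthy copy quoted in the
    # message was 27112 bytes, the suspect one 0 bytes.
    if [ ! -s "$f" ]; then
        echo "zero-size"
    fi

    # The suspect listing was -r-sr-xr-x (setuid bit set); the healthy
    # listing was plain -rwxr-xr-x.
    if [ -u "$f" ]; then
        echo "setuid"
    fi

    # lsattr prints "<flags> <path>". The 'i' (immutable) and 'a'
    # (append-only) flags stop even root from removing the file until they
    # are cleared with chattr. Other letters (such as 'e' on ext4) are normal.
    if command -v lsattr >/dev/null 2>&1; then
        flags=$(lsattr -d "$f" 2>/dev/null | awk '{print $1}')
        case $flags in *i*) echo "immutable" ;; esac
        case $flags in *a*) echo "append-only" ;; esac
    fi
    return 0
}

# Usage: sh check.sh /sbin/syslogd /sbin/klogd ...
for f in "$@"; do
    findings=$(check_binary "$f" | tr '\n' ' ')
    if [ -n "$findings" ]; then
        echo "$f: $findings"
    fi
done
```

A file reported as immutable or append-only has to have that attribute cleared with chattr before it can be removed and replaced from known-good media, as the message describes.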
On Wed, Dec 26, 2001 at 01:06:10AM -0600, David Lucas wrote:
> Are you logging in as admin or root?
>
> At 12:10 AM 12/26/2001, you wrote:
> >Dear Stuart,
> >
> >I tried that and it's not working, after that only I found this
> >
> > > -r-sr-xr-x 1 root root 0 Dec 2 01:41 syslogd
> >
> >Which is not correct. Any solutions? How can I remove this file?
> >
> >Regards,
> >Arora,Hemant
> >
> >
> >-----Original Message-----
> >From: cobalt-users-admin@xxxxxxxxxxxxxxx
> >[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Stuart Low
> >Sent: Wednesday, December 26, 2001 11:02 AM
> >To: cobalt-users@xxxxxxxxxxxxxxx
> >Subject: Re: [cobalt-users] Syslogd in Sbin shows system file and with 0
> >bytes ?
> >
> >
> >Tried /etc/rc.d/init.d/syslog* restart ?
> >
> >Stuart
> >----- Original Message -----
> >From: <hemant@xxxxxxxxxxxx>
> >To: <cobalt-users@xxxxxxxxxxxxxxx>
> >Sent: Wednesday, December 26, 2001 3:00 PM
> >Subject: [cobalt-users] Syslogd in Sbin shows system file and with 0 bytes ?
> >
> >
> > > Dear All,
> > > In Cobalt RAQ4, a few days back the syslogd stopped working and after
> > > searching what happened I find the below:
> > >
> > > -r-sr-xr-x 1 root root 0 Dec 2 01:41 syslogd
> > >
> > > I cannot remove this file so that I can install the newer version.
> > >
> > > Is there any way I can get rid of this and get my syslog working?
> > >
> > > Thanks and Regards,
> > > Arora,Hemant
> > >
> > >
> > >
> > > --------------------------------------------------------------------
> > > mail2web - Check your email from the web at http://mail2web.com/ .
> > >
> > > _______________________________________________
> > > cobalt-users mailing list
> > > cobalt-users@xxxxxxxxxxxxxxx
> > > To Subscribe or Unsubscribe, please go to:
> > > http://list.cobalt.com/mailman/listinfo/cobalt-users