[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Address already in use (logfile messages ?)

Subject: Re: [cobalt-users] Address already in use (logfile messages ?)
From: "Herby K" <mad1.z@xxxxxxx>
Date: Tue Oct 8 03:22:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

no such files
no such processes

chkrootkit also didnt show anything infekted the whole time

rgds,
Herby

----- Original Message -----
From: "Robin Edgar - Tripany" <red@xxxxxxxxxxx>
To: <cobalt-users@xxxxxxxxxxxxxxx>
Sent: Tuesday, October 08, 2002 12:38 PM
Subject: [cobalt-users] Address already in use (logfile messages ?)


> Look for the following files:
> /tmp/core/*
> /etc/cron.d/core
> /.sushi
> //tmp/.tmp/*
>
> And the following processes:
>
> httpd    10125     1  0 Aug29 ?        00:00:00 [sh]
> httpd    10658 10125  0 Aug29 ?        00:00:00 [backwget]
> httpd    10983 10125  0 Aug29 ?        00:01:24 sh raq4lrex.sh
>
> If you can find any of the above you have been hacked, and your startup
> scripts have been buggered. You can restore functionality by killing the
> above processes and starting the new ones, but beware: as soon as you
> reboot, you will not come up! You will have to go single user mode and
> reinstall the entire damn thing, followed by replacing your backups and
> running through all the upgrades by hand
>
> Good luck
> Robin Edgar
> Tripany
> ------------------------------
> From: "Herby K" <mad1.z@xxxxxxx>
> To: <cobalt-users@xxxxxxxxxxxxxxx>
> Date: Tue, 8 Oct 2002 09:10:15 +0200
> Subject: [cobalt-users] Address already in use (logfile messages ?)
> Reply-To: cobalt-users@xxxxxxxxxxxxxxx
>
> Hi there,
>
> as I have installed logcheck and get these reports by mail, I didnt check
> logfiles manually that often - but today morning, what is this crap all in
> my messages logfile? Is this due to a patch? My complete logfile is full
of
> these messages, hour by hour minute by minute.
>
> Oct  8 08:46:52 cr02 inetd[28654]: imap/tcp: bind: Address already in use
> Oct  8 08:46:52 cr02 inetd[28654]: pop-3/tcp: bind: Address already in use
> Oct  8 08:46:52 cr02 inetd[28654]: ftp/tcp: bind: Address already in use
> Oct  8 08:49:36 cr02 inetd[28110]: imap/tcp: bind: Address already in use
> Oct  8 08:49:36 cr02 inetd[28110]: pop-3/tcp: bind: Address already in use
> Oct  8 08:49:36 cr02 inetd[28110]: ftp/tcp: bind: Address already in use
> Oct  8 08:56:52 cr02 inetd[28654]: imap/tcp: bind: Address already in use
> Oct  8 08:56:52 cr02 inetd[28654]: pop-3/tcp: bind: Address already in use
> Oct  8 08:56:52 cr02 inetd[28654]: ftp/tcp: bind: Address already in use
> Oct  8 08:59:36 cr02 inetd[28110]: imap/tcp: bind: Address already in use
> Oct  8 08:59:36 cr02 inetd[28110]: pop-3/tcp: bind: Address already in use
> Oct  8 08:59:36 cr02 inetd[28110]: ftp/tcp: bind: Address already in use
>
> Any advice ?
>
> rgds,
> Herby
>
>

Follow-Ups:
- Re: [cobalt-users] Address already in use (logfile messages ?)
  - From: Fragga

References:
- [cobalt-users] Address already in use (logfile messages ?)
  - From: Robin Edgar - Tripany

Prev by Date: [cobalt-users] RE: Raq3 Mysterious Death & Backup Mystery
Next by Date: Re: [cobalt-users] RE: Raq3 Mysterious Death & Backup Mystery
Previous by thread: [cobalt-users] Address already in use (logfile messages ?)
Next by thread: Re: [cobalt-users] Address already in use (logfile messages ?)

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index