List: suse-linux
Subject: Re: Intrusion?
From: Waldemar Brodkorb <waldemar () thinknow ! de>
Date: 2001-11-23 21:47:42
Hello Dieter,
From the keyboard of Dieter,
> Hi,
>
> while going through my log files I discovered the following, which made me
> extremely suspicious:
>
> Nov 20 03:00:01 server named[707]: starting (/etc/named.conf). named
> 8.2.4-REL Thu Sep 20 04:20:40 GMT 2001
> root@knox:/usr/src/packages/BUILD/bind8-8.2.4/bin/named
> Nov 20 03:00:02 server named[707]: master zone "localhost" (IN) loaded
> (serial 42)
> Nov 20 03:00:02 server named[707]: master zone "0.0.127.in-addr.arpa" (IN)
> loaded (serial 42)
> Nov 20 03:00:02 server named[707]: master zone "franzke-online" (IN) loaded
> (serial 2001090700)
> Nov 20 03:00:02 server named[707]: master zone "0.168.192.in-addr.arpa" (IN)
> loaded (serial 2001090700)
> Nov 20 03:00:02 server named[707]: hint zone "" (IN) loaded (serial 0)
> Nov 20 03:00:02 server named[707]: listening on [127.0.0.1].53 (lo)
> Nov 20 03:00:02 server named[707]: listening on [192.168.0.100].53 (eth0)
> Nov 20 03:00:02 server named[707]: Forwarding source address is
> [0.0.0.0].32768
> Nov 20 03:00:02 server named[712]: group = named
> Nov 20 03:00:02 server named[712]: user = named
> Nov 20 03:00:02 server named[712]: Ready to answer queries.
> Nov 20 03:00:04 server su: (to postgres) root on /dev/console
> Nov 20 03:00:04 server PAM-unix2[802]: session started for user postgres,
> service su
> M2D)*0<`U8Nov 20 03:07:37 server syslogd 1.4.1: restart.
>
> Doesn't look good.
> Who can point me in the right direction?
Check all your cron jobs or logrotate files.
At exactly 3:00 the name server is restarted and an su from
root to postgres is performed, probably to rotate further logs,
and then syslog is restarted.
bye
Waldemar
--
Are your questions smart enough?
http://www.tuxedo.org/~esr/faqs/smart-questions.html
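
The check suggested in the reply, as an added example that is not part of the original message: it lists which system-crontab entries fire at the minute a log event occurred, here the Nov 20 03:00 timestamp from the quoted log. The crontab content and script paths are constructed, the year 2001 is taken from the message date, and only numeric fields are handled (no month or weekday names).

```python
from datetime import datetime

# Constructed sample in /etc/crontab format; the script paths are hypothetical.
SAMPLE_CRONTAB = """\
SHELL=/bin/sh
0 3 * * *    root  /usr/local/sbin/nightly-maintenance
*/15 * * * * root  /usr/local/sbin/poll
30 3 * * 0   root  /usr/local/sbin/weekly
0 3 1 * 1    root  /usr/local/sbin/monthly-or-monday
"""

def field_matches(field, value, lo, hi):
    """True if a numeric crontab field (*, lists, ranges, /step) matches value."""
    for part in field.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            start, end = (int(x) for x in rng.split("-"))
        else:
            start = end = int(rng)
        if start <= value <= end and (value - start) % step == 0:
            return True
    return False

def jobs_firing_at(crontab_text, when):
    """Return (user, command) for every entry scheduled at datetime `when`."""
    dow_now = (when.weekday() + 1) % 7  # cron counts Sunday as 0 (or 7)
    hits = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@" or "=" in line.split()[0]:
            continue  # blanks, comments, @daily-style macros, VAR=value
        minute, hour, dom, month, dow, user, command = line.split(None, 6)
        dom_ok = field_matches(dom, when.day, 1, 31)
        dow_ok = field_matches(dow, dow_now, 0, 7) or (
            dow_now == 0 and field_matches(dow, 7, 0, 7))
        # cron ORs the two day fields when both are restricted
        day_ok = (dom_ok or dow_ok) if "*" not in (dom, dow) else (dom_ok and dow_ok)
        if (field_matches(minute, when.minute, 0, 59)
                and field_matches(hour, when.hour, 0, 23)
                and field_matches(month, when.month, 1, 12) and day_ok):
            hits.append((user, command))
    return hits

if __name__ == "__main__":
    # Timestamp of the first event in the quoted log: Nov 20 03:00 (2001).
    for user, command in jobs_firing_at(SAMPLE_CRONTAB, datetime(2001, 11, 20, 3, 0)):
        print(user, command)
```

A log event at a time for which this returns no entry, such as 03:07 with the sample above, is not explained by a job starting at that minute and has to be traced some other way, for example as a later step of a job that started earlier.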