Security Incidents mailing list archives
Linux Security
From: slam () THEGRID NET (slam () THEGRID NET)
Date: Wed, 22 Mar 2000 08:35:49 -0800
I was wondering if anyone could post a few sites for general Linux security tips, i.e. where to start, what to look at, log file analysis, where to run to, etc.

We recently were hit with ADMROCK but it didn't seem to do much except create a couple of accounts and leave the directory. We have updated bind etc., but I'm wondering where to begin hunting for the IP address of the culprit. A general analysis of /var/logs and I couldn't find any correlation to time of directory creation (ADMROCK) and /etc/passwd changes. I don't know if they were not able to get back in due to the PIX (which has also been updated now thanks to securityfocus), but two accounts were created (own and owned) but never used nor passwords set.

Thanks,
Adam