LinuxSA Mailing list archives

  From: Alain Satre <alain@messagebay.com>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Thu, 22 Feb 2001 17:00:56 -0800

Odd entries on Inetd.conf and Crontab

Ok.  So I'm pretty sure someone was successful at one time hacking into
one of our machines.  I was checking up on a few servers, and listing
services, and adding a few scripts to crontabs when I came across these
findings.  The first in Inetd.conf I can understand.  It gives a logon
from port 6678, allowing a user to type in their uname and pw to
log in.  I'm not sure what the second line in inetd.conf is doing, since
rsh is not running on the machine.  I also found this crontab entry and
I'm not quite sure what the idea here was.  To restart sshd over and over
again, redirecting the output to null?  Can someone give me a quick
explanation as to what was going on here?  I'm pretty sure they used a
hole in rpc services to get root, but why the rshd and crontab entry?

Inetd.conf
6678 stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell stream  tcp     nowait  root    /usr/sbin/in.rshd -n

crontab -l

*/5 * * * * /usr/sbin/sshd >/dev/null 2>/dev/null

Thanks in advance

Alain
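
A triage check for the kind of entries quoted in the message above, as an added example that is not part of the original post: it flags inetd.conf lines whose service field is a bare port number, that enable an r-service, or that run a server as root without going through tcpd, and crontab lines that launch a network daemon on a schedule. The function names, the rule set and the daemon list are assumptions made for illustration; the sample input is the three lines from the post.

```python
# Daemons normally started once by init, not re-launched from cron (assumed list).
DAEMONS = {"sshd", "in.telnetd", "in.rshd", "inetd"}
R_SERVICES = {"shell", "login", "exec"}  # rsh, rlogin, rexec service names


def audit_inetd(text):
    """Return (line_no, reason) findings for inetd.conf content."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # blank, commented out, or incomplete entry
        service, user, server = fields[0], fields[4], fields[5]
        if service.isdigit():
            findings.append((no, f"service given as raw port {service}"))
        if service in R_SERVICES:
            findings.append((no, f"r-service '{service}' enabled"))
        if user == "root" and server != "internal" and not server.endswith("/tcpd"):
            findings.append((no, f"{server} runs as root without tcpd"))
    return findings


def audit_crontab(text):
    """Return (line_no, reason) for cron jobs that launch a network daemon."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6 or fields[0].startswith("#"):
            continue  # not a five-field schedule followed by a command
        prog = fields[5].rsplit("/", 1)[-1]
        if prog in DAEMONS:
            note = ", output discarded" if "/dev/null" in line else ""
            findings.append((no, f"{prog} started from cron{note}"))
    return findings


# Sample input: the entries quoted in the post above.
INETD = """6678 stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell stream  tcp     nowait  root    /usr/sbin/in.rshd -n
"""
CRON = "*/5 * * * * /usr/sbin/sshd >/dev/null 2>/dev/null\n"

if __name__ == "__main__":
    reports = (("inetd.conf", audit_inetd(INETD)), ("crontab", audit_crontab(CRON)))
    for name, hits in reports:
        for no, reason in hits:
            print(f"{name}:{no}: {reason}")
```

Each finding is a lead to check against the host's known-good configuration, not proof of tampering; feed it copies of /etc/inetd.conf and the `crontab -l` output of every account.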
