Re: system breach
- From: gareth <bsd@xxxxxxxxxxx>
- Date: Fri, 29 Dec 2006 17:58:45 +0200
On Thu 2006-12-28 (22:10), David Todd wrote:
> something's up, nothing in ports will write to a /tmp/download
> directory, so either you or someone with root access did it.

thought as much :/

> I suggest:
> checking /var/log/auth.log for attempted breachings

i had a rough skim and nothing suspicious, wanted to know when this
happened so i could scrutinise the logs better.

> run sockstat and look for processes with ports open that shouldn't
> have ports open.

thx, had a look at that and netstat etc, everything's normal.

> conftest cores usually mean a ./configure was issued and parts of
> said configure failed, them being so far apart suggests that some work
> was done to the configure script to fix it.
> If you didn't install anything from ports at or around those periods
> of time, then someone was running a configure script to build
> something on the machine.

ah. it could very well have been me, was compiling a lot of stuff
around those 2 days. doesn't seem like portupgrade etc keeps logs
to check.
_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"