Results 1 to 6 of 6
Hello.
I was having a look through my /tmp when i noticed this:
Code:
jammin@Saturn:/tmp$ ls -a
. .X0-lock gconfd-jammin ksocket-jammin ssh-jLErPy2580
.. .X11-unix gconfd-root mcop-jammin
.ICE-unix .xfsm-ICE-YmJC95 kde-jammin orbit-jammin
...
- 02-15-2005 #1Just Joined!
- Join Date
- Jan 2005
- Posts
- 68
Has my box been comprimised??? Slack 10.1
Hello.
I was having a look through my /tmp when i noticed this:
Its the ssh-jLErPy2580 that is worying me.Code:jammin@Saturn:/tmp$ ls -a . .X0-lock gconfd-jammin ksocket-jammin ssh-jLErPy2580 .. .X11-unix gconfd-root mcop-jammin .ICE-unix .xfsm-ICE-YmJC95 kde-jammin orbit-jammin jammin@Saturn:/tmp$
If i emacs ssh-jLErPy2580 i get this:
I have no firewall as im behind a very locked down firewall on my uni network, im guessing if i cant get out, someone is going to find it hard to get in.Code:/tmp/ssh-jLErPy2580: used 1 available 16022620 drwx------ 2 jammin users 80 2005-02-15 12:09 . drwxrwxrwt 11 root root 392 2005-02-15 15:39 .. srwxr-xr-x 1 jammin users 0 2005-02-15 12:09 agent.2580
??????
Or am I just paranoid??
Thanks
- 02-15-2005 #2Linux User
- Join Date
- Feb 2005
- Location
- London, England
- Posts
- 362
check your logs, /var/log/messages , they should give you some indication as to what's going on, tmp is the only directory at the root of the file structure that can be written to by a regular user, and ssh is used for remote access, i know as i had the same problem myself, so the possibility can't be ruled out at first glance.
if in doubt you can always disable ssh, see http://www.linuxforums.org/forum/topic-33412.html for details
- 02-15-2005 #3Linux Engineer
- Join Date
- Aug 2004
- Location
- Seattle, Washington
- Posts
- 1,058
I think you are bit paranoid - not a bad thing.
if you really want to know open a shell
This will give you the last 100 lines in the messages folder if you want a continuous log then change the -100 to -f and hit ctrl -c to get back to the shellCode:su - <password> cd /var/log tail -100 messages
also tail the secure folder too. You do it the exact same way.
The logs migh look different at first let me know if you need help discifering them.
MikeSome people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 02-15-2005 #4Linux Engineer
- Join Date
- Aug 2004
- Location
- Seattle, Washington
- Posts
- 1,058
I must have missed your last post on this thread did you get it figured out or do you still need help?
Originally Posted by Krendoshazin
MikeSome people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
- 02-15-2005 #5Linux User
- Join Date
- Feb 2005
- Location
- London, England
- Posts
- 362
i still need help sorting that out Originally Posted by adrenaline
- 02-15-2005 #6Linux Engineer
- Join Date
- Aug 2004
- Location
- Seattle, Washington
- Posts
- 1,058
I will answer that on that other thread as to not hijack this one. Originally Posted by Krendoshazin i still need help sorting that out Originally Posted by adrenaline Some people have told me they don't think a fat penguin really embodies the grace of Linux, which just tells me they have never seen a angry penguin charging at them in excess of 100mph. They'd be a lot more careful about what they say if they had.
-- Linus Torvalds
Reply With Quote 
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
