LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 11-11-2003, 01:43 PM   #1
tearinox
Member
 
Registered: Aug 2003
Location: you dont want to know
Distribution: Gentoo 2004.2, Slackware 10, Windows XP, Windows 2003 Server
Posts: 348

Rep: Reputation: 30
Question am i being hacked?


when i type uptime i get this:
10:42:29 up 1 day, 20:11, 5 users, load average: 0.23, 0.32, 0.65

when i type who:
tearinox tty1 Nov 9 15:23
tearinox tty2 Nov 9 14:38
tearinox pts/0 Nov 10 18:34
tearinox pts/1 Nov 10 18:35
tearinox pts/2 Nov 11 00:09


going through my terminals, i only have two users connected (tty1, and tty2) that are running locally.

What are the pts/1 and pts/2? and how do i get rid of them?

thank you
 
Old 11-11-2003, 02:13 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,718
Blog Entries: 54

Rep: Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967Reputation: 2967
Provided your system is "sane", as root, run (w/o outer quotes):
"lsof -p $(/sbin/fuser /dev/pts/*|cut -d ":" -f 2- | tr " " ",")" or "/sbin/fuser -vu /dev/pts/*" or "find /proc/[0-9]*/fd/ -ls | grep pts" to see what processes have pseudo tty's open.

am i being hacked?
Most likely not. Verify your systems integrity if you want to be sure.
 
Old 11-11-2003, 02:14 PM   #3
hw-tph
Senior Member
 
Registered: Sep 2003
Location: Sweden
Distribution: Debian
Posts: 3,032

Rep: Reputation: 57
Those are your terminals in X (Konsole, Gnome-Terminal, xterm, Eterm, whatever you're using). But that had me stumped at first too.

Håkan
 
Old 11-13-2003, 04:06 PM   #4
tearinox
Member
 
Registered: Aug 2003
Location: you dont want to know
Distribution: Gentoo 2004.2, Slackware 10, Windows XP, Windows 2003 Server
Posts: 348

Original Poster
Rep: Reputation: 30
Well this had me curious tho. I left my computer on overnight and it was acting a bit sluggish. Of course i figured i would just kill them but after i did that, i realized that i shouldn't written them down *tearinox smacks his head*

Is there a log that tells me what users are doing what by default? Or where are all the log files in gerneral? thx
 
Old 11-13-2003, 04:07 PM   #5
tearinox
Member
 
Registered: Aug 2003
Location: you dont want to know
Distribution: Gentoo 2004.2, Slackware 10, Windows XP, Windows 2003 Server
Posts: 348

Original Poster
Rep: Reputation: 30
should have*, not shouldn't
sry bout that.. me bad
 
Old 11-13-2003, 07:00 PM   #6
iceman47
Senior Member
 
Registered: Oct 2002
Location: Belgium
Distribution: Debian, Free/OpenBSD
Posts: 1,123

Rep: Reputation: 47
Quote:
Originally posted by tearinox

Or where are all the log files in gerneral? thx
All the logs files are in /var/log, check them all carefully and look for anything
out of the ordinary.
Be sure to follow UnSpawn's advice too.
If everything is safe, install aide.
It's an integrity checker and can detect changes in files, so it gets pretty hard
for anyone to crack your box and change stuff.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Have I been hacked? Please help linuxboy69 Linux - Security 11 09-07-2005 08:20 AM
Hacked? mikeshn Linux - Security 2 03-12-2004 02:57 PM
Help! Have I been hacked? Tenover Linux - Security 1 11-19-2003 04:24 PM
Did we just get hacked? vous Linux - Security 4 11-17-2003 09:11 AM
i think i've been hacked! safil Linux - Security 7 11-02-2003 11:16 AM


All times are GMT -5. The time now is 07:10 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration