LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-06-2003, 08:45 AM   #1
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Rep: Reputation: 15
System compromised?


I typed users and it shows that I have 4 roots logged in. I should be the only person logged in. Should I be worried? Are there services that log in as root?

How do I find out where they're logging in from?

For some reason, I have this thing listening on a port:
/tmp/ssh-XXJaxpng.agent

Is that a normal ssh thing?
 
Old 07-06-2003, 09:18 AM   #2
dai
Member
 
Registered: May 2002
Location: Wales
Distribution: Slack 8.1, Gentoo 1.3a, Red Hat 7.3, Red Hat 7.2, Manrake 8.2
Posts: 328

Rep: Reputation: 30
netstat -l |grep LISTEN should help you identify ports that are bieng listened on. If you find an output showing only port number and not a recognised service then I think theres a site you can check what ports are set for certain services.

Also to check if services are running as root do a

ps aux

or if you know of services running on your machine use

ps aux|grep Servicename

also use Dmesg to check what services start on boot up.

Also check your /etc/inetd file to see what services are set to run thru inetd.

If your not running inetd but instead xinetd check each of the config files set for the services running.

If you find anything suspicious then post results here or disable the service.

As far as having several root logins you havent logged in as root on the other tty terminals have you????

use Alt+F1 thru to F6 to check (or in X Ctrl+ALt+F1 etc)

hope this helps
 
Old 07-07-2003, 12:13 PM   #3
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Original Poster
Rep: Reputation: 15
Cool thanks. Nothing listening so I guess I am safe.
 
Old 07-11-2003, 08:28 AM   #4
german
Member
 
Registered: Jul 2003
Location: Toronto, Canada
Distribution: Debian etch, Gentoo
Posts: 312

Rep: Reputation: 30
that's a presumptuous thing to say.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System possibly compromised kloppster Linux - Security 7 07-12-2004 03:30 PM
high speed system compromised witeshark Linux - Security 3 04-14-2004 03:53 PM
do these symptoms mean my system is compromised? jimlaur Linux - Security 10 03-18-2004 12:20 PM
System compromised BruceCadieux Linux - Security 20 09-29-2003 08:24 PM
Help: I think my system has been compromised! Comatose51 Linux - General 2 06-29-2003 05:00 PM


All times are GMT -5. The time now is 05:07 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration