Something strange(?) Going on with the sshd
Whilst tootling about, I've noticed that apparently I have 3 ssh sessions opened to my server:
Code:
[root@moop home]# who Code:
[root@moop home]# ps aux|grep sshd For the life of me, I really don't see what/how/why this has happened :( I have restarted the sshd, but surely doing this would terminate all connections over ssh.. So, what / where am I screwing up :) Thanks! |
I can't remember what the reason is for it looking like that but it's pretty much the same on this box.
Code:
[root@sony ~]# who |
Hi homey,
I ran chkrootkit, and I have an entry popping up, which is running on the same port as usermin. I'm looking into this - I believe it's just a false positive from what I've so far gathered (you cant login as root via usermin, and those users who have access to it, cant even use ssh - though clearly if there's something amiss it needs to be fixed). Code:
Checking `bindshell'... INFECTED (PORTS: xxxxx) Quote:
Thanks homey, chkrootkit is one of those programs that having been used once, I dont think I'll be able to go without again.. Though I'd still like to get to the bottom of why I have 3 "me's" listed from a who, yet only being connected once. Even though chkroot is saying nothing is compromised (I hope..) It's just bang-out-of-order that a who command whould give seemingly false information - it leaves the whole but maybe the box is compromised debate open. |
All times are GMT -5. The time now is 06:34 PM. |