LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-26-2002, 08:06 AM   #1
dri95
LQ Newbie
 
Registered: Feb 2002
Posts: 11

Rep: Reputation: 0
Angry /usr/tux/backup/login: Bad Address


I tried to login to my system via the console or tlenet and get "/usr/tux/backup/login: Bad Address"

I couldn't login as root or anyone else for that matter even though my web server was working fine.

I noticed that the ls command now had a permission of 700 and it appeared that ps might have been touched.

Please help.
 
Old 02-26-2002, 05:22 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,409
Blog Entries: 55

Rep: Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582Reputation: 3582
Could be the "tux" or "optic" rootkit. Unfortunately chkrootkit doesn't recognize these yet, and so you're definately in limbo here, I don't have string samples for you to check for positive match, but messages on the securityfocus list mention the binaries are pointing to a dir /dev/tux. If it's there, wtmp has been deleted, /var/log/messages is scrubbed for connection entries, and you've got files like /usr/bin/xchk and /usr/bin/xsf I'd say it's a positive match.

Soz, but I can't break the news any other way. Disconnect the box from the net, save your *human readable data* (NO BINARIES), wipe the partition(s) clean and reinstall.

Head over to cert.org and sans.org for the *nix security checklist and "best practices" docs, over to linuxdoc.org for "Optimizing Securing Linux", add a file integrity checker like Aide, Tripwire or Samhain, install intrusion detection capability like Snort, tighten your firewall rules. Go back to cert.org and sans.org, read up on the docs again and come back to answer more questions, it's what we're here for.

Good luck!
 
Old 02-26-2002, 06:56 PM   #3
dri95
LQ Newbie
 
Registered: Feb 2002
Posts: 11

Original Poster
Rep: Reputation: 0
Hack cure ....

I am proceding with the UNIX Security Checklist v2.0 - The Essentials from cert.org.

Being I have to start basically from scratch.. I originally had RedHat 6.1 on the machine with no updates or patches.

What should I put on the machine at this point? It will basically be an Apache web server.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/usr/bin/env: bad interpreter: Permission denied Master Fox Linux - Software 8 02-09-2012 08:25 AM
Partitioning gone bad-deleted /usr ertyu2000 Linux - Newbie 3 05-04-2004 03:26 PM
Why is chmod a+r -R /usr/ a bad idea? BroX Linux - Newbie 4 11-18-2003 12:47 PM
/dev/tux/backup/login: Bad address ron9999 Linux - General 0 09-30-2003 04:03 AM
"/usr/tux/backup/login: Bad Address" dri95 Linux - Security 0 02-26-2002 07:30 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:15 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration