ANALGINS Posted October 12, 2010

Situation: I suspect that someone may have settled in on one of the boxes, possibly a proxy server has been installed; ntop shows strange traffic, SSH connections in the middle of the night, FTP connections, etc.
Question: how do I detect this, and if there are any holes, how do I close them?
System: Ubuntu 9.10 x86 with the latest updates.
Reinstalling is not an option as a remedy!
I have gone through the logs and have not noticed anything suspicious; the only thing is that something interesting is hanging around in the process list:

ID    Owner  Started  Command
2183  root   13:54    sh -c ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu, ...
2184  root   13:54    ps --cols 2048 -eo user:80,ruser:80,group:80,rgroup:80,pid,ppid,pgid,pcpu,vsz,ni ...

BOT^a Posted October 12, 2010

webmin?

ANALGINS Posted October 12, 2010

Yes, that is there too; nothing runs on the default ports, both webmin and ssh are on a different port.. Do you know what that process is? When I click on the PID the process dies, but when I refresh the process page it appears again..

BOT^a Posted October 12, 2010

Well, at least as far as I have understood, it is a process created by webmin at the moment when it tries to show you the existing processes, so that you can see their owners and subprocesses, but of course I am not certain... but in any case it is related to webmin, of that I am 100% sure.

ANALGINS Posted October 12, 2010

Mhm, I see. Any other ideas? I just noticed that a new process has appeared, the exim4 MTA server.. that would sort of explain why mail traffic shows up now and then..

vincister Posted October 12, 2010

That "sh -c ps --cols 2048 -eo ..." command is fairly self-evidently a process listing, whether for that webmin (whatever that is) or for something else. Well, what about a firewall, disabling SSH root login, limiting SSH login attempts, etc.?

ANALGINS Posted October 13, 2010

You cannot log in as root; 3 attempts and then a drop follows.

roleeks Posted October 13, 2010

Webmin was mentioned earlier; turn it off and then watch the processes. If it is still there, then the fault lies somewhere else.

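One way to check the claim made in the thread that the "sh -c ps --cols 2048 ..." process belongs to webmin, as an added example that is not part of any post: walk the parent PIDs in a `ps -eo pid,ppid,user,args` snapshot and see whether the chain leads to webmin. It assumes webmin's server process shows up as `miniserv.pl`; the function names and every sample row other than PIDs 2183 and 2184 are constructed for illustration.

```python
# Constructed `ps -eo pid,ppid,user,args` snapshot. PIDs 2183/2184 and their
# (shortened) ps arguments come from the thread; every other row is invented.
SAMPLE_PS = """\
  PID  PPID USER     COMMAND
    1     0 root     /sbin/init
  812     1 root     /usr/sbin/sshd
 1450     1 root     /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf
 2180  1450 root     /usr/share/webmin/proc/index_tree.cgi
 2183  2180 root     sh -c ps --cols 2048 -eo user:80,ruser:80,group:80
 2184  2183 root     ps --cols 2048 -eo user:80,ruser:80,group:80
 3001     1 nobody   sh -c ps --cols 2048 -eo user:80
"""

def parse_ps(text):
    """Return {pid: (ppid, user, args)} from ps output that has a header row."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) == 4 and fields[0].isdigit() and fields[1].isdigit():
            procs[int(fields[0])] = (int(fields[1]), fields[2], fields[3])
    return procs

def ancestry(procs, pid):
    """Follow parent links from pid upwards; stops on a missing parent or a loop."""
    chain, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        chain.append(pid)
        pid = procs[pid][0]
    return chain

def classify(procs, needle="ps --cols 2048", parent_marker="miniserv.pl"):
    """Map each PID whose args contain needle to True if an ancestor matches parent_marker."""
    result = {}
    for pid, (_, _, args) in procs.items():
        if needle in args:
            ancestors = ancestry(procs, pid)[1:]  # skip the process itself
            result[pid] = any(parent_marker in procs[a][2] for a in ancestors)
    return result

if __name__ == "__main__":
    procs = parse_ps(SAMPLE_PS)
    for pid, from_webmin in sorted(classify(procs).items()):
        chain = " <- ".join(f"{procs[p][2].split()[0]}[{p}]" for p in ancestry(procs, pid))
        print(pid, "under webmin" if from_webmin else "NOT under webmin", chain)
```

A matching command whose chain does not reach webmin (PID 3001 in the constructed sample) is the one worth a closer look.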