[CentOS] Help: Server security compromised?
bent at terp.se
Wed Aug 6 06:04:08 UTC 2008
On Wed, Aug 6, 2008 at 7:48 AM, Noob Centos Admin
<centos.admin at gmail.com> wrote:
> /sbin/iptables -A RH-Firewall-1-INPUT -s 126.96.36.199 -j DROP
I'd recommend you add the extra rules by editing
/etc/sysconfig/iptables instead. At least that way you can be sure
they'll survive restarts off iptables.
Next check that the output from
'/sbin/chkconfig iptables --list'
looks like this:
'iptables 0:off 1:off 2:on 3:on 4:on 5:on 6:off'
otherwise, do '/sbin/chkconfig iptables on' so you're sure the service
starts as intended.
> If not, what should I do next to find and eliminate this problem? Thanks in
> advance for any advice!
Check the crontabs and follow up on the entries. Don't forget to also
look in /var/spool/cron/
Are there any strange processes running? What does the logfiles say?
Wait an hour or so, and you'll see more (competent) advice coming in
More information about the CentOS