[CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
Linux Advocate
linuxhousedn at yahoo.com
Sat Jun 13 07:02:10 UTC 2009
Matt, great idea.... I FOUND SOMETHING... please see below...
________________________________
>From: Matt <lm7812 at gmail.com>
>To: CentOS mailing list <centos at centos.org>
>Sent: Thursday, June 4, 2009 4:40:57 AM
>Subject: Re: [CentOS] Centos 5.3 -> Apache - Under Attack ? Oh hell....
>PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
>23119 apache 15 0 964 556 472 S 0.7 0.0 0:03.68 atack
>When I 'ps -ef' I can see many lines as below:
>apache 24253 23378 0 10:54 ? 00:00:00 ./atack 100
>apache 24286 23378 0 10:59 ? 00:00:00 ./atack 100
>A good tool to have on your Linux box that may help some.
>http://rkhunter.sourceforge.net/
>http://rpmfind.net/linux/rpm2html/search.php?query=rkhunter
>After installing do.
>rkhunter --update
>rkhunter -c
>And see if it finds anything.
I DID FIND SOMETHING...NOT SURE WHAT THOUGH ;)
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock /usr/share/man/man1/..1.gz /dev/.udev
---------------
Please inspect: /usr/share/man/man1/..1.gz (gzip compressed data, from Unix, max compression) /dev/.udev (directory)
The contents of the /dev/.udev folder:
drwxr-xr-x 2 root root 540 Jun 8 15:41 db
drwxr-xr-x 2 root root 740 Jun 8 15:41 failed
-rw-r--r-- 1 root root 4 Jun 8 15:42 uevent_seqnum
The contents of the ../man1/ folder:
[root at fwg man1]# ls -al :.1.gz
-rw-r--r-- 1 root root 40 Jan 22 09:14 :.1.gz
[root at fwgw man1]# ls -al [.1.gz
-rw-r--r-- 1 root root 40 Jan 22 09:14 [.1.gz
Anything out of the ordinary?
---------------------------- Scan results ----------------------------
MD5 scan
Skipped <--- WHY SKIPPED? Because the OS is unknown, as shown in the NOTE below?
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 0
Scanning took 32 seconds
....................... end .........................................
NOTE: When we run rkhunter, it prints the lines below... even though I installed from the CentOS repo, it still says it's an unknown OS.
Rootkit Hunter 1.2.9 is running
Determining OS... Unknown
Warning: This operating system is not fully supported!
All MD5 checks will be skipped!
Anything out of the ordinary?
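As an added example (not code from this thread or from rkhunter), a small POSIX shell script that reproduces two of the checks discussed above so they can be re-run against a saved listing: processes owned by the web server account that were launched from a relative ./ path, as the "./atack 100" lines were, and dot-files such as /dev/.udev or man1/..1.gz in a given directory. The ps listing embedded below is constructed; the account name and directory are parameters.

```shell
#!/bin/sh
# Added example, not from the thread: re-run two of the checks discussed
# above on a saved ps listing and on a directory.

# Constructed sample in the format of: ps -eo user,pid,ppid,args
SAMPLE_PS='USER PID PPID COMMAND
root 1 0 /sbin/init
apache 23378 2301 /usr/sbin/httpd
apache 24253 23378 ./atack 100
apache 24286 23378 ./atack 100
apache 24300 23378 /usr/sbin/httpd'

# Print "pid ppid command" for every process owned by account $1 whose
# command starts with "./", i.e. a binary run from its working directory
# rather than from an installed path. Reads a ps listing on stdin and
# skips the header line.
suspicious_procs() {
    awk -v user="$1" 'NR > 1 && $1 == user && $4 ~ /^\.\// {
        cmd = ""
        for (i = 4; i <= NF; i++) cmd = cmd (i > 4 ? " " : "") $i
        print $2, $3, cmd
    }'
}

# Print dot-files (names starting with ".") directly under directory $1,
# which is what rkhunter's hidden-file scan reported under /dev and
# /usr/share/man/man1 in the thread. Sorted so output is stable.
hidden_files() {
    find "$1" -mindepth 1 -maxdepth 1 -name '.*' | sort
}

# Stand-alone run: the constructed listing, then /dev on this host.
printf '%s\n' "$SAMPLE_PS" | suspicious_procs apache
hidden_files /dev
```

Feed it a real listing with `ps -eo user,pid,ppid,args | suspicious_procs apache` and compare any hit against the package database (`rpm -qf` on the resolved /proc/PID/exe) before deciding what it is.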