[CentOS] Help: Server security compromised?

Bent Terp bent at terp.se
Wed Aug 6 06:04:08 UTC 2008


On Wed, Aug 6, 2008 at 7:48 AM, Noob Centos Admin
<centos.admin at gmail.com> wrote:
> /sbin/iptables -A RH-Firewall-1-INPUT -s 219.64.114.52 -j DROP

I'd recommend you add the extra rules by editing
/etc/sysconfig/iptables instead. At least that way you can be sure
they'll survive restarts of iptables.

Next check that the output from
'/sbin/chkconfig iptables --list'

looks like this:
'iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'

otherwise, do '/sbin/chkconfig iptables on' so you're sure the service
starts as intended.

> If not, what should I do next to find and eliminate this problem? Thanks in
> advance for any advice!

Check the crontabs and follow up on the entries. Don't forget to also
look in /var/spool/cron/
Are there any strange processes running? What do the logfiles say?

Wait an hour or so, and you'll see more (competent) advice coming in.

BR Bent
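
Added example, not part of the original message: a shell sketch of the two checks described above, that the DROP rule is present in the saved rules file and that chkconfig shows iptables on in runlevels 2-5. The function names and the sample rules file are constructed for illustration; on a real host you would pass /etc/sysconfig/iptables and the output of '/sbin/chkconfig iptables --list'.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the post.

# Succeeds if a `chkconfig --list` line shows runlevels 2-5 as "on".
runlevels_ok() {
    for lvl in 2 3 4 5; do
        case "$1" in
            *"$lvl:on"*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Succeeds if rules file $1 holds a DROP rule for source address $2 in
# chain RH-Firewall-1-INPUT (written with or without a /32 suffix).
rule_persisted() {
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    grep -Eq -- "^-A RH-Firewall-1-INPUT .*-s ${ip_re}(/32)? .*-j DROP" "$1"
}

# Writes a constructed sample in iptables-save format and echoes its path.
make_sample_rules() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -s 219.64.114.52 -j DROP
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
COMMIT
EOF
    echo "$f"
}

# Demo on the constructed sample and the chkconfig line quoted in the post.
sample=$(make_sample_rules)
line='iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off'
runlevels_ok "$line" && echo "iptables enabled in runlevels 2-5"
rule_persisted "$sample" 219.64.114.52 && echo "DROP rule is in the saved rules"
rule_persisted "$sample" 192.0.2.10 || echo "192.0.2.10: not in the saved rules"
rm -f "$sample"
```

A rule that shows up in the running ruleset but fails rule_persisted was added only with 'iptables -A' and will be gone after the next restart.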


