From: "Vladimir I. Kulakov" <kulakov@kudesniki.ru>
To: <freebsd-security@FreeBSD.org>
Subject: "snmp.sample" in /usr/local/etc/rc.d/
Message-ID: <20000820161100Z274714-23170%2B33643@ajax2.sovam.com>

Hi, all!

I've just moved my server from FreeBSD 2.2.5 to 4.0 due to a total hardware upgrade and many security holes. After the upgrade I mounted the hard disk from the previous machine and moved all users' data from /usr/home/ on it to the new hard disk. The new machine had a new root password, of course.

But on the day after the upgrade I suddenly noticed two new scripts in /usr/local/etc/rc.d/ which are intended to start at every bootup and which I never installed. Moreover, in /usr/local/sbin/ two more files appeared (snmpd and a second one, something like this). I never installed snmp on that machine, and mtree tells me such files never existed there. There is nothing special in the log files. The new system was installed from a "clear" distribution.

Were these trojan programs? How can I check my server for such security holes? And how could such programs be installed? Maybe my mistake was mounting my old disk with security holes and then working connected to the Internet? But how could the hacker execute programs even from an insecure disk on a secure machine?

Help me, please!!!