From owner-freebsd-security Mon Aug 21 1:10:27 2000
From: "Vladimir I. Kulakov"
To: "CrazZzy Slash"
Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/
Date: Mon, 21 Aug 2000 12:09:12 +0400
Message-Id: <20000821081020Z277228-23170+34169@ajax2.sovam.com>
Sender: owner-freebsd-security@FreeBSD.ORG

> Hi!
>
> Can you send me your /tmp/install.log?

There is no such file !!! :--(
Do you think it was deleted by a hacker?

> > Hi, all !
> >
> > I've just moved my server from FreeBSD 2.2.5 to 4.0 due
> > to total hardware upgrade and many security holes.
> >
> > After upgrade I've mounted the hard disk from the previous
> > machine and moved all user's data from /usr/home/ from it
> > to the new hard disk. The new machine had new root
> > password, of course.
> >
> > But at the next day after upgrade I've suddenly noticed
> > two new scripts in /usr/local/etc/rc.d/ which intended to
> > start at every bootup process and which I've never installed.
> >
> > Moreover, at the /usr/local/sbin/ there two more
> > files appeared (snmpd and the second something like this).
> > I've never installed snmp on that machine and mtree
> > tells me such files never existed there.
> >
> > In the log files there is nothing special.
> >
> > The new system was installed from a "clear"
> > distribution.
> >
> > Was this a trojan program? How can I check
> > my server for such security holes? And how
> > such programs could be installed?
> >
> > Maybe my mistake was mounting my old disk with
> > security holes then working connected to the Internet ?
> > But how the hacker could execute programs even
> > from insecure disk on a secure machine?
> >
> > Help me, please !!!
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message