From owner-freebsd-questions Thu Aug 9 1:31:29 2001 Delivered-To: freebsd-questions@freebsd.org Received: from web13305.mail.yahoo.com (web13305.mail.yahoo.com [216.136.175.41]) by hub.freebsd.org (Postfix) with SMTP id 44B1737B403 for ; Thu, 9 Aug 2001 01:31:26 -0700 (PDT) (envelope-from sumirati@yahoo.de) Message-ID: <20010809083126.47722.qmail@web13305.mail.yahoo.com> Received: from [193.174.9.99] by web13305.mail.yahoo.com; Thu, 09 Aug 2001 10:31:26 CEST Date: Thu, 9 Aug 2001 10:31:26 +0200 (CEST) From: =?iso-8859-1?q?m=20p?= Subject: Re: Ive been hacked-is sshd enabled by default in 4.3-release? To: bsd2000au@yahoo.com.au Cc: freebsd-questions@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > Hi all, > trying to seal up cracks in my system (got web site > hacked) > I notice ps-ax shows sshd enabled. > Is it default or has someone done it? > How do I check if SSH has been inserted into a user? > Any other tips? > Thanks > Keith > Hi Keith, if you have ever enabled ssh in your /etcrc.conf using sshd_enable="YES" it is running. I think (don't know for sure) for FreeBSD 4.3 if you select HIGH security in sysinstall during installation it is enabled. For medium I'm not sure but think that it is enabled too. If you are ever able to insert ssh INTO a user let me know how you have done it. ;) If you have been hacked and the user gained root privileges there is no way (other than you are running tripwire or something like that) to tell what the user had done or what you had done. Just my 2 cent Marc __________________________________________________________________ Do You Yahoo!? Gesendet von Yahoo! Mail - http://mail.yahoo.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message