From owner-freebsd-questions  Wed Jul 24 20: 9: 7 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6AF2137B400
	for <freebsd-questions@freebsd.org>; Wed, 24 Jul 2002 20:09:05 -0700 (PDT)
Received: from labs.unixhideout.com (dsl-65-187-193-189.telocity.com [65.187.193.189])
	by mx1.FreeBSD.org (Postfix) with ESMTP id B586D43E88
	for <freebsd-questions@freebsd.org>; Wed, 24 Jul 2002 20:09:04 -0700 (PDT)
	(envelope-from sagacious@unixhideout.com)
Received: from MIKESBOX ([192.168.1.10])
	by labs.unixhideout.com (8.12.5/8.12.3) with ESMTP id g6P397X2078021
	for <freebsd-questions@freebsd.org>; Wed, 24 Jul 2002 23:09:07 -0400 (EDT)
	(envelope-from sagacious@unixhideout.com)
From: "sagacious" <sagacious@unixhideout.com>
To: <freebsd-questions@freebsd.org>
Subject: RE: Watching users
Date: Wed, 24 Jul 2002 23:09:04 -0400
Message-ID: <000001c23388$a1c00500$0a01a8c0@MIKESBOX>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2627
In-Reply-To: <20020724204502.E92334-100000@ren.sasknow.com>
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

>Hmm... So you want something that will simply just flip a switch and
let >you know if/when someone logs in or out. I won't ask why. :-)


My box got rooted the other day via that sshd exploit. He was defacing
my webpage and causing trouble. I didn't even know it. He started hiding
what he was doing so he could keep root. The funny thing is the only
reason I still have a box is because I was going on vacation so for the
hell of it I closed port 22 in my router. I locked him out without even
knowing it. I have people that need to login now that I'm back but I
need to see who and what from ips.. For all I know this tool downloaded
my master.passwd.
Thanks for your help.

sagacious (Mike)
Network administrator
The unixhideout network
http://www.unixhideout.com




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message