Date: Mon, 21 Aug 2000 12:31:27 +0600 (KGST) From: CrazZzy Slash <slash@krsu.edu.kg> To: "Vladimir I. Kulakov" <kulakov@kudesniki.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: "snmp.sample" in /usr/local/etc/rc.d/ Message-ID: <Pine.BSF.4.21.0008211230430.41785-100000@krsu.edu.kg> In-Reply-To: <20000820161100Z274714-23170%2B33643@ajax2.sovam.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! Can you send me your /tmp/install.log? On Sun, 20 Aug 2000, Vladimir I. Kulakov wrote: > Hi, all ! > > I've just moved my server from FreeBSD 2.2.5 to 4.0 due > to total hardware upgrade and many security holes. > > After upgrade I've mounted the hard disk from the previous > mashine and moved all user's data from /usr/home/ from it > to the new hard disk. The new mashine had new root > password, of course. > > But at the next day after upgrade I've suddenly noticed > two new scripts in /usr/local/etc/rc.d/ which intended to > start at every bootup process and which I've never installed. > > Moreover, at the /usr/local/sbin/ there two more > files appeared (snmpd and the second something like this). > I've never installed snmp on that mashine and mtree > tells me such files never existed there. > > In the log files there are nothing special. > > The new system was installed from a "clear" > distribution. > > Was this a troyan programs? How can I check > my server for such security holes? And how > such programs could be installed? > > May be my mistake was mounting my old disk with > securigy holes then working connected to the Internet ? > But how the hacker could execute programs even > from insecure disk on a secure mashine? > > Help me, please !!! > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0008211230430.41785-100000>