From: "Oleg Strizhak"
To: "FreeBSD-security"
Subject: tried to be cracked
Date: Mon, 19 Jun 2000 17:19:34 +0400

Hi all!

Today seeing this in messages:

Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534
Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned by uid 65534

Checked all the logs -- there was no login via telnet, ssh. Nothing of activity was detected for that period of time on my http or ftp daemons. So I suppose that it was through one of the predefined inetd services.

Here is my inetd.conf's enabled nodes:

ftp     stream  tcp     nowait  root    /usr/local/sbin/proftpd proftpd
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
finger  stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
ntalk   dgram   udp     wait    tty:tty /usr/libexec/ntalkd     ntalkd
#
# IPv6 services
#
ftp     stream  tcp6    nowait  root    /usr/local/sbin/proftpd proftpd
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
shell   stream  tcp6    nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp6    nowait  root    /usr/libexec/rlogind    rlogind
finger  stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -s

Question is: which of these daemons can be disabled (or even inetd itself) w/o any harm. I've no use of NFS -- plain http/ftp/pop server. SMTP and POP stuff is already handled by tcpserv.

I've already set up hosts.allow: denied any w/o reverse DNS, allowed any ftp, portmap, and ssh; denied all other daemons/users except trusted address. Where can I find out additional info about hosts.allow syntax?

Thanx in advance.
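
An added example, not part of the original message: a small sh/awk audit that lists the enabled entries of an inetd.conf like the one quoted above, with the user each service runs as, and flags entries that run as root or use a cleartext protocol. The function names, the flag labels and the commented-out exec line in the sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: inventory of enabled inetd.conf entries.
# Field layout: service socktype proto wait[/limits] user[:group] program [args]

# Constructed sample: a subset of the entries quoted in the message, plus one
# commented-out line (constructed) to show that disabled entries are skipped.
sample_conf() {
cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/local/sbin/proftpd proftpd
telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
finger  stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
#exec   stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
comsat  dgram   udp     wait    tty:tty /usr/libexec/comsat     comsat
telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
EOF
}

# audit_inetd: read inetd.conf on stdin and print, per enabled entry,
#   service/proto user flags
audit_inetd() {
  awk '
    /^[ \t]*#/ || NF < 6 { next }          # skip comments, blanks, short lines
    {
      svc = $1; proto = $3; user = $5
      sub(":.*", "", user)                 # drop an optional :group
      sub("/.*", "", user)                 # drop an optional /login-class
      flags = ""
      if (user == "root")
        flags = flags " RUNS-AS-ROOT"
      # telnet, rsh (shell), rlogin (login), rexec and ftp are cleartext
      if (svc ~ /^(telnet|shell|login|exec|ftp)$/)
        flags = flags " CLEARTEXT"
      if (flags == "")
        flags = " -"
      printf "%s/%s %s%s\n", svc, proto, user, flags
    }'
}

# Stand-alone run over the sample; on a real host: audit_inetd < /etc/inetd.conf
sample_conf | audit_inetd
```
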