Date: Mon, 19 Jun 2000 17:19:34 +0400 From: "Oleg Strizhak" <oleg@inforser.ru> To: "FreeBSD-security" <FreeBSD-security@freebsd.org> Subject: tried to be cracked Message-ID: <002b01bfd9f1$03fb2680$a4df36c3@Inforser.Ru>
next in thread | raw e-mail | index | archive | help
Hi all! Today seeng this in messages: Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned = by uid 65534 Jun 17 03:30:01 servak su: _secure_path: /xxx/.login_conf is not owned = by uid 65534 checked all the logs -- there was no login via telnet, ssh. Nothing of = activity was detected for that period of time on my http or ftp daemons. = So I suppose that it was through one of the predifined inetd services.=20 Here is my inetd.conf's enabled nodes: ftp stream tcp nowait root /usr/local/sbin/proftpd proftpd telnet stream tcp nowait root /usr/libexec/telnetd telnetd shell stream tcp nowait root /usr/libexec/rshd rshd login stream tcp nowait root /usr/libexec/rlogind rlogind finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s comsat dgram udp wait tty:tty /usr/libexec/comsat comsat ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd # # IPv6 services # ftp stream tcp6 nowait root /usr/local/sbin/proftpd proftpd telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd shell stream tcp6 nowait root /usr/libexec/rshd rshd login stream tcp6 nowait root /usr/libexec/rlogind rlogind finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s Question is: which of these daemons can be disabled (or even inetd = itself) w/o any harm. I've no use of NFS -- plain http/ftp/pop server. = SMTP and POP stuff is already handled by tcpserv. I've already set up hosts.allow: denied any w/o reverse DNS, allowed any = ftp, portmap, and ssh; denied all other daemons/users except trusted = address. Where can I find out additional info about hosts.allow syntax? Thanx in advance. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002b01bfd9f1$03fb2680$a4df36c3>