[Unix-l] Redhat box compromised
David Susman
DaSusman at vassar.edu
Mon Mar 8 17:39:03 EST 2004
CIS had a Red Hat 7.2 box (updated with relatively recent patches -- Note:
7.2 was end-of-lifed in December but we had to keep running it for
the application to be supported) broken into and compromised. Red Hat
8 has also been end-of-lifed and therefore is also no longer
supported by Red Hat. Version 9 is due to expire shortly.
If you are running a similar vintage machine, you should be aware of
the vulnerability and look for these signs of hacking (though I
believe some of the signs were just leftovers from careless hacker
cleanup):
/usr/include/.linux was added and contained a root kit.
/var/log/wtmp was truncated.
/root/.ncftp files were zeroed out.
We also noticed that 35GB of data files were deleted.
David
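
A check for the three signs listed in the message above, as an added example that is not part of the original post. The function names, output labels and the sample tree (including the file names under .ncftp) are constructed for illustration; pass a mount point to inspect a disk image instead of the live root.

```shell
#!/bin/sh
# Added example: look for the three signs from the message under a
# filesystem root given as the first argument.

check_signs() {
    root=${1%/}          # "/" becomes "", so the paths below still start at /
    found=0

    # Sign 1: the hidden directory that contained the root kit.
    if [ -e "$root/usr/include/.linux" ]; then
        echo "FOUND $root/usr/include/.linux"
        found=1
    fi

    # Sign 2: wtmp present but zero length. A freshly rotated wtmp is also
    # empty, so treat this as a lead to follow up, not as proof.
    if [ -f "$root/var/log/wtmp" ] && [ ! -s "$root/var/log/wtmp" ]; then
        echo "EMPTY $root/var/log/wtmp"
        found=1
    fi

    # Sign 3: zero-length files under root's .ncftp directory.
    if [ -d "$root/root/.ncftp" ]; then
        zeroed=$(find "$root/root/.ncftp" -type f -size 0 2>/dev/null)
        if [ -n "$zeroed" ]; then
            echo "$zeroed" | sed 's/^/EMPTY /'
            found=1
        fi
    fi

    return "$found"      # 0 = none of the signs, 1 = at least one
}

# Constructed sample tree (not data from the incident) for trying the check.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/include/.linux" "$t/var/log" "$t/root/.ncftp"
    : > "$t/var/log/wtmp"
    : > "$t/root/.ncftp/history"
    echo "not empty" > "$t/root/.ncftp/log"
    echo "$t"
}

if [ "$#" -gt 0 ]; then check_signs "$1"; fi
```

A hit on any of these paths only says where to look next; a clean result does not show the machine is uncompromised, since the message itself notes some signs were leftovers from careless cleanup.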