Re: Possible compromise ?

From: Peter Rosa (prosa_at_pro.sk)
Date: 01/27/04

    To: "security at FreeBSD" <freebsd-security@freebsd.org>
    Date: Tue, 27 Jan 2004 21:23:45 +0100
    
    

    OK, sorry for the unclear previous message.

    In the past, one man taught me the FreeBSD basics and also installed my
    gateway. At that time, I was not able to install and set up FreeBSD by
    myself. He left some holes there - e.g. open virtual consoles, unset
    firewall, etc. As time went on, I learned a lot about Unixes and FreeBSD
    and I tried to set up my own firewall, install and set up some programs (with
    big help from this and the Questions lists, manpages and other books).

    When I tried to set up more security on that system, among other things, I
    disabled all virtual tty's, because there is no need to connect to this
    machine remotely (it's located 5 steps from my desk). In the past, that man
    connected to my system remotely from various IPs.

    Now, when I cat /var/log/lastlog, at the very bottom of the file, I can read
    some connections from remote machines to ttyp0 and ttyp1. It's impossible for
    me to retrieve connection dates from that file. Of course, I read man last,
    man wtmp, etc., but there is nothing about the /var/log/lastlog file.

    Maybe those lines were added in the deep past, when the machine was open.
    But maybe it was done in the previous few days...

    I know, if my machine was compromised, it is impossible to believe in
    anything on that machine (also kernel, sources). So, are there some other
    ways to get information about connection dates?

    Peter Rosa


