hiding crontab logs??

From: Matthias Güntert (MatzeGuentert_at_gmx.de)
Date: 07/16/03

  • Next message: Kelly Martin: "Re: FW: Monitoring the network: Routers"
    Date: Wed, 16 Jul 2003 16:55:36 +0200 (MEST)
    To: security-basics@securityfocus.com
    
    

    Hello list,

    my suse linux 7.3 server has been hacked. The hacker frequently started a
    reverse netcat shell via crontab. But how was the hacker able to hide his
    tracks? I frequently check my logs! As far as i know crontab writes entries into
    /var/log/messages. Also i wasn't able to see anything via crontab -l.
    Any help on this would be appreciated.

    Best Regards

    M.Güntert

    -- 
    +++ GMX - Mail, Messaging & more  http://www.gmx.net +++
    Jetzt ein- oder umsteigen und USB-Speicheruhr als Prämie sichern!
    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------
    

  • Next message: Kelly Martin: "Re: FW: Monitoring the network: Routers"

    Relevant Pages

    • Re: hiding crontab logs??
      ... As far as i know crontab writes entries into ... > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)
    • Re: hiding crontab logs??
      ... > a reverse netcat shell via crontab. ... your crond's log level or altered one of your existing cron scripts to ... Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • Re: hiding crontab logs??
      ... Matthias Güntert wrote: ... >reverse netcat shell via crontab. ... Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ...
      (Security-Basics)
    • crontab manipulation from php
      ... I got a server application in a LAMP environment doing batch tasks. ... number of additional jobs to be run in future. ... What has to be done is to manipulate the crontab of the web server in a way ... requires an editor as argument, this editor is used for the manipulation. ...
      (comp.lang.php)
    • Re: Cron Job
      ... Another server uses this. ... no crontab for admin ... That's not a cron job. ... I'd have to ask why the backup is only run when the server is ...
      (comp.os.linux.misc)