Re: hiding crontab logs??

From: Oleg Klochko (kadet_at_itpark.com.ua)
Date: 07/17/03

  • Next message: Tim Greer: "Re: Sendmail banner & Network start output suppression"
    Date: Thu, 17 Jul 2003 15:16:07 +0300
    To: Matthias G?ntert <MatzeGuentert@gmx.de>
    
    

    See /etc/syslog.conf and know where the cron writes it logs

       On Wed, Jul 16, 2003 at 04:55:36PM +0200, Matthias G?ntert writes:
    > Hello list,
    >
    > my suse linux 7.3 server has been hacked. The hacker frequently started a
    > reverse netcat shell via crontab. But how was the hacker able to hide his
    > tracks? I frequently check my logs! As far as i know crontab writes entries into
    > /var/log/messages. Also i wasn't able to see anything via crontab -l.
    > Any help on this would be appreciated.
    >
    > Best Regards
    >
    > M.G?ntert
    >
    > --
    > +++ GMX - Mail, Messaging & more http://www.gmx.net +++
    >
    > Jetzt ein- oder umsteigen und USB-Speicheruhr als Pr?mie sichern!
    >
    >
    > ---------------------------------------------------------------------------
    > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    > The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    > while InStat has confirmed Neoteris as the leader in marketshare.
    >
    > Find out why, and see how you can get plug-n-play secure remote access in
    > about an hour, with no client, server changes, or ongoing maintenance.
    >
    > Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    > ----------------------------------------------------------------------------

    -- 
    Oleg Klochko
    Good Luck.
    ---------------------------------------------------------------------------
    Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
    The Gartner Group just put Neoteris in the top of its Magic Quadrant,
    while InStat has confirmed Neoteris as the leader in marketshare.
         
    Find out why, and see how you can get plug-n-play secure remote access in
    about an hour, with no client, server changes, or ongoing maintenance.
              
    Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
    ----------------------------------------------------------------------------
    

  • Next message: Tim Greer: "Re: Sendmail banner & Network start output suppression"

    Relevant Pages

    • Re: Re: Sendmail banner & Network start output suppression
      ... Server administration, security, programming, consulting. ... Subject: Ang: Re: Sendmail banner & Network start output suppression ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)
    • Re: Commerical Anti-Virus for Unix Machines
      ... mail server version, so it can check all your incoming email to your server. ... >> The Gartner Group just put Neoteris in the top of its Magic ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)
    • RE: ASP Pages
      ... in addition to that you could enforce a high-bit password for FTP and ... perhaps remove your Plain Text FTP server and ... >> The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • RE: New trojan turns home PCs into porno Web site hosts
      ... > home computers under his control. ... it is only these other machines running the DNS services that can't ... >> The Gartner Group just put Neoteris in the top of its Magic ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)
    • RE: Commerical Anti-Virus for Unix Machines
      ... Vexira make file server and mail server anti virus for different flavors ... > Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! ... > about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)