Date:      Thu, 23 Oct 1997 12:57:19 -0700 (PDT)
From:      Doug White <dwhite@gdi.uoregon.edu>
To:        Whiskey Mike <breaker@hawk.phantasy.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: state of log files
Message-ID:  <Pine.BSF.3.96.971023125644.2937c-100000@gdi.uoregon.edu>
In-Reply-To: <199710151508.KAA29250@hawk.phantasy.com>

On Wed, 15 Oct 1997, Whiskey Mike wrote:

> A short while back, a host that I frequent was hacked, in addition to
> dozens of university machines, including MIT and Princeton. The
> perpetrator, who was eventually caught, put a backdoor on port 150 so he
> could get in no matter what /etc/hosts.deny stated.
> 
> Eventually he was caught, but now /var/log/messages, /var/log/ftp.log and
> /var/log/secure are not being written to. The date and time of these files
> are the same as the last time he hacked the system. 

Sounds like syslogd isn't working or was disabled, as part of this guy's
work.  Check that syslogd is running and that /var/log/syslogd.conf
actually makes sense.

Doug White                              | University of Oregon  
Internet:  dwhite@resnet.uoregon.edu    | Residence Networking Assistant
http://gladstone.uoregon.edu/~dwhite    | Computer Science Major
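
The check suggested in the reply above, as an added example that is not part of the original message or written by either poster: it tests whether a process named syslogd exists, extracts the file targets from a syslog.conf-style configuration, and reports targets that are missing or have not been written to recently. The function names, the 60-minute threshold and the sample configuration are assumptions constructed for illustration; pass the path of your own syslogd configuration (the stock FreeBSD file is /etc/syslog.conf) to `stale_logs`.

```shell
#!/bin/sh
# Added example: triage for "log files stopped updating". All names are hypothetical.

# Print the file targets named in a syslog.conf-style config ($1).
syslog_targets() {
    awk '
        NF < 2 || $1 ~ /^[#!+]/ { next }   # blanks, comments, !prog / +host blocks
        { t = $NF; sub(/^-/, "", t)         # some syslogds allow "-/path" (no sync)
          if (substr(t, 1, 1) == "/") print t }
    ' "$1"
}

# Report targets from config $1 that are missing or older than $2 minutes.
stale_logs() {
    syslog_targets "$1" | while IFS= read -r f; do
        case $f in /dev/*) continue ;; esac   # consoles and ttys: mtime is not useful
        if [ ! -e "$f" ]; then
            echo "MISSING $f"
        elif [ -n "$(find "$f" -mmin +"$2")" ]; then
            echo "STALE $f"
        fi
    done
}

# True if a process named exactly "syslogd" exists (daemon name is an assumption).
syslogd_running() { pgrep -x syslogd >/dev/null 2>&1; }

# Constructed demo: a throwaway config and log files, so this runs on any host.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/syslog.conf" <<EOF
# constructed sample, not a real system config
*.notice    $d/messages
ftp.info    $d/ftp.log
authpriv.*  -$d/secure
*.err       /dev/console
!ppp
EOF
    touch "$d/ftp.log"                    # fresh file: not reported
    touch -t 199710151508 "$d/messages"   # old mtime, as in the thread: STALE
    stale_logs "$d/syslog.conf" 60 | sed "s|$d/||"   # "secure" was never created
    rm -rf "$d"
}

if syslogd_running; then echo "syslogd: running"; else echo "syslogd: NOT running"; fi
demo
```

A running daemon with stale targets points at the configuration or at file permissions and flags rather than at the process itself.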




