09-01-2008
Disappearing files
Suse 10.3
ispconfig
Using as a web server, mail server.
I'm the only user.
These files:
/var/log/httpd/ispconfig_access_log_2008_08_28
/var/log/httpd/ispconfig_access_log_2008_08_29
vanished without a trace.
I still have older and newer files, but not these.
I have not deleted anything since looking at these files a couple of days ago.
There was some suspicious activity in these logs, someone was trying to use me as a proxy, I didn't install squid, but I see a squid user in the user accounts. Someone else was trying an sql injection attack, and there was also an F bot attack.
After seeing all this, I installed and ran chkrootkit, fail2ban and snort.
Is it possible one of these programs deleted the files?
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have a route that disappears when the server is rebooted.
to get the route back I do:
route add 65.x.x.x 10.0.x.x
I go to cd /etc/inet
vi config
and the route is in place
Anybody might know what is happening? (4 Replies)
Discussion started by: jrmontg
4 Replies
2. Shell Programming and Scripting
Hi I am going to migrate our datawarehouse system from HP Tru 64 Unix to the Red Hat Linux.
Inside the box, it is running around 40 cron jobs; inside each cron job, it is calling other shell script files, and the shell script files may again call other shell script files or ctl files(for... (1 Reply)
Discussion started by: franksubramania
1 Replies
3. Windows & DOS: Issues & Discussions
I downloaded and installed wget for windows, then used cmd.exe to run it directly from its install folder. I downloaded an 8.5 GB (yes, Giga) tar file, waited a couple of days, then tried to find it only to see that it's nowhere to be found! I don't want to re-download the whole thing, especially... (3 Replies)
Discussion started by: HalfThere
3 Replies
4. UNIX for Advanced & Expert Users
We have seen an issue whereby every morning around the same time , we see files being deleted from /users/$userid .
We have many crons and processes running across 40+ different servers .
Possibly some rogue process is doing this .
How can one isolate the process removing stuff from the... (4 Replies)
Discussion started by: taherkf
4 Replies
5. Solaris
The latest crontab entry is disappearing time and again on acceptance and production environment.
the same entry gets deleted.
any pointers to what might be causing this issue? (1 Reply)
Discussion started by: bluenavi
1 Replies
6. Solaris
The latest crontab entry is disappearing time and again on acceptance and production environment.
the same entry gets deleted.
any pointers to what might be causing this issue? (6 Replies)
Discussion started by: bluenavi
6 Replies
7. Shell Programming and Scripting
Hi Gurus!
Example file:
1;AAA;BBB
2;CCC;DDD
We want to replace semicolons to tabulators.
Like this:
1 AAA BBB
2 CCC DDD
We have tried these codes.
With PERL:
#!/bin/bash
for i in `find /folder1/ -name "*.CSV"`
do
bi="`basename $i awk -F"." {'print $1'}`"
cat... (2 Replies)
Discussion started by: JanneN
2 Replies
8. Shell Programming and Scripting
Let's say I have a text file called process.out that contains:
cn=long\, ann,cn=users
cn=doe\, john,cn=users
I need to have the following appended in the beginning
ldapdelete -h $OIDHOST
So the final output looks like:
ldapdelete -h $OIDHOST "cn=long\, ann,cn=users"
ldapdelete -h... (4 Replies)
Discussion started by: exm
4 Replies
9. UNIX and Linux Applications
Hi
when I open a new KDE/terminal all my project groups are disappearing.
help is much appreciated.
Thanks
Sujay (2 Replies)
Discussion started by: sujaybatni
2 Replies
10. UNIX for Beginners Questions & Answers
i use the split command to split a one terabyte backup file into 10 chunks of 100 GB each. The files are split one after the other. While the files is being split, I will like to scp the files one after the other as soon as the previous one completes, from server A to Server B. Then on server B ,... (2 Replies)
Discussion started by: malaika
2 Replies
LEARN ABOUT DEBIAN
squid3_ncsa_auth
ncsa_auth(8) System Manager's Manual ncsa_auth(8)
NAME
ncsa_auth - NCSA httpd-style password file authentication helper for Squid
SYNOPSIS
ncsa_auth passwdfile
DESCRIPTION
ncsa_auth allows Squid to read and authenticate user and password information from an NCSA/Apache httpd-style password file when using
basic HTTP authentication.
The only parameter is the password file. It must have permissions to be read by the user that Squid is running as (cache_effective_user in
squid.conf).
This password file can be manipulated using htpasswd.
* MD5 - with optional salt and magic strings * DES - for passwords 8 characters or less in length
OPTIONS
Only specify the password file name.
EXAMPLE
ncsa_auth /etc/squid/squid.pass
SECURITY
ncsa_auth must have access to the password file to be executed.
KNOWN ISSUES
DES functionality (used by htpasswd by default) silently truncates passwords to 8 characters. Allowing login with password values shorter
than the one desired. This authenticator will reject login with long passwords when using DES.
SEE ALSO
htpasswd(1), squid(8)
AUTHOR
Manpage written by Rodrigo Rubira Branco <rrbranco@br.ibm.com>
Squid NCSA Auth helper May 16, 2006 ncsa_auth(8)