At our company, we have hundreds of employees that access this server for reporting purposes.
However, someone was familiar enough with sendmail and used it to send an email that was crafted to look like it came from a specific person and was sent to the entire company with private information. Huge security concern.
I have been tasked with helping figure out this spoof. Here is what I need to figure out.
The mail was sent at 11:12PM on May 17th.
I need to find the IP address of the system that made a shell/terminal connection to the server around this time and used the sendmail command to send an email to a specific mailing list.
Any ideas? I'm not entirely familiar with logging yet. The mail log file doesn't seem to provide much useful information.
Last edited by Yogesh Sawant; 05-24-2010 at 03:20 AM. Reason: added code tags
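Added example for this thread (it is not code from the original post or any reply). The usual way to answer the question above is to take the time from sendmail's own syslog record and match it against the login records in wtmp. For mail handed to the local sendmail binary, the `from=` line sendmail logs carries `relay=<unix-user>@localhost`, which names the account that invoked the command regardless of what sender the message claims; `last -F` then shows which remote host had a session for that account open at that moment. The `last -F` lines, the maillog lines, the hostnames, queue IDs and the year 2010 are all constructed for illustration; the thread only gives "11:12PM on May 17th".

```python
"""Correlate a local sendmail submission with the login session that made it."""
import re
from datetime import datetime

# Constructed sample data in the format of `last -F` (full login/logout times).
# The console login has no host column, as `last` prints it.
SAMPLE_LAST = """\
alice    pts/3        10.1.2.33        Mon May 17 22:58:11 2010 - Mon May 17 23:20:40 2010  (00:22)
bob      pts/1        10.1.2.71        Mon May 17 23:40:02 2010 - Tue May 18 00:05:19 2010  (00:25)
carol    pts/0        10.1.9.14        Mon May 17 21:10:45 2010   still logged in
root     tty1                          Mon May 17 23:05:00 2010 - Mon May 17 23:30:00 2010  (00:25)
dave     pts/2        10.1.2.33        Mon May 17 18:02:00 2010 - Mon May 17 19:31:55 2010  (01:29)
"""

# Constructed sendmail syslog lines. The first is the spoof: the envelope sender
# is forged, but relay= still records the Unix account that ran sendmail.
SAMPLE_MAILLOG = """\
May 17 23:12:04 reports sendmail[4711]: o4I3C4x1004711: from=<ceo@example.com>, size=2048, class=0, nrcpts=1, msgid=<201005180312.o4I3C4x1004711@reports.example.com>, relay=alice@localhost
May 17 23:41:10 reports sendmail[4802]: o4I3fAx1004802: from=bob, size=310, class=0, nrcpts=1, msgid=<201005180341.o4I3fAx1004802@reports.example.com>, relay=bob@localhost
"""

# Assumed incident time from the thread (year is an assumption).
INCIDENT_TIME = datetime(2010, 5, 17, 23, 12, 0)

LAST_TS_FMT = "%a %b %d %H:%M:%S %Y"
SYSLOG_TS_FMT = "%b %d %H:%M:%S %Y"

# One `last -F` record: user, tty, optional remote host, login, optional logout.
# The host group is optional so a console login (blank host) does not swallow
# the weekday of the login timestamp.
LAST_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?:(?P<host>\S+)\s+)?"
    r"(?P<login>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4})"
    r"(?:\s+-\s+(?P<logout>\w{3} \w{3}\s+\d{1,2} \d\d:\d\d:\d\d \d{4}))?"
)

# sendmail's per-message "from=" syslog line for a locally submitted message.
MAILLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sendmail\[\d+\]: "
    r"(?P<qid>\w+): from=(?P<sender>[^,]+),.*relay=(?P<relay>[^@\s,]+)@localhost"
)


def parse_last(last_output):
    """Yield (user, tty, host, login, logout_or_None) from `last -F` text."""
    for line in last_output.splitlines():
        m = LAST_RE.match(line)
        if not m:
            continue  # 'wtmp begins ...' trailer, reboot lines, blank lines
        login = datetime.strptime(m["login"], LAST_TS_FMT)
        logout = datetime.strptime(m["logout"], LAST_TS_FMT) if m["logout"] else None
        yield m["user"], m["tty"], m["host"] or "", login, logout


def sessions_active_at(last_output, when):
    """Sessions open at `when` as (user, host, tty). A missing logout time
    ('still logged in', 'gone - no logout', crash) is treated as open-ended
    rather than silently dropped."""
    return [
        (user, host, tty)
        for user, tty, host, login, logout in parse_last(last_output)
        if login <= when and (logout is None or when <= logout)
    ]


def local_submissions(maillog, year):
    """Yield (queue_id, unix_user, envelope_sender, time) for each locally
    submitted message. syslog lines carry no year, so the caller supplies it."""
    for line in maillog.splitlines():
        m = MAILLOG_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m['ts']} {year}", SYSLOG_TS_FMT)
        yield m["qid"], m["relay"], m["sender"], when


def correlate(last_output, maillog, year):
    """For every local submission, list the submitting account's sessions that
    were open at that moment: (queue_id, envelope_sender, user, host, tty)."""
    hits = []
    for qid, user, sender, when in local_submissions(maillog, year):
        for s_user, host, tty in sessions_active_at(last_output, when):
            if s_user == user:
                hits.append((qid, sender, user, host, tty))
    return hits


if __name__ == "__main__":
    for hit in correlate(SAMPLE_LAST, SAMPLE_MAILLOG, 2010):
        print(hit)
```

On the real server, feed `correlate` the output of `last -F` (and of `last -F -f /var/log/wtmp.1` if wtmp has rotated since May 17) and the sendmail lines from the mail log for that evening. If the spoofed message is still in a mailbox, also look at its headers: when an untrusted user sets the sender with `sendmail -f`, sendmail adds an `X-Authentication-Warning` header naming the real account, unless the `authwarnings` privacy option has been turned off in sendmail.cf.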
Hi all, do any of you know how to monitor what is going on in another terminal?
I mean, if somebody installs an application on my server remotely and I want to "watch" what he is doing. I remember that someone used the "audit" command, but now I just can't remember.
Thanks. (2 Replies)
Hi,
does anyone know how to trace a user session on a Unix system?
I want to log these things:
1- login
2- date of starting session
3- date of closing session
I've tried who and last, but they don't give the closing time of the session.
Regards,
hmaiida (2 Replies)
Hello everyone,
can anyone help me out? I just want to trace whatever I am doing in Linux 8.0 in text mode and have it saved in a text file, so that at the end I can see the work I have done. It's just like Oracle spool, so you can see your work at the end.
For example, whatever command you gave... (1 Reply)
Kindly correct me if any of the following is wrong:
I want to trace the current process from the C program itself, which I think can be done using
ptrace(PTRACE_ATTACH,getpid(),0,0);
I would like to get control back after a segmentation fault or arithmetic exception (i.e. all signals that end... (1 Reply)
Hi,
I need to get a log of all the commands typed, and the output of those commands, fired by a specific user on my Sun machine.
Also I need to trace all commands and inputs given from a specific IP on my machine.
Regards,
Rochit (1 Reply)
Hello, my first post here.
I have a script to install a program which runs the user through an installation interface offering several options. What I want to do is to trace the possible mistakes during the installation and send them to a logfile, i.e., if a user interrupts the installation, I would... (2 Replies)
Hi all,
I have read about sendmail running as 2 separate processes:
one as an MSP, and the other as the real daemon or MTA.
In my current configuration,
the sendmail-client is disabled.
Both submit.cf and sendmail.cf are left untouched at their defaults.
I do not specify any mailhost... (3 Replies)
Discussion started by: javanoob (3 Replies)
LEARN ABOUT OSF1
mailstats
mailstats(8)                 System Manager's Manual                 mailstats(8)

NAME
mailstats - Displays statistics about mail traffic

SYNOPSIS
mailstats [-o] [-C cffile] [-f stfile]

FLAGS
-o         Do not display the name of the mailer in the output.
-C cffile  Use cffile as the name of the sendmail "cf" file instead of /var/adm/sendmail/sendmail.cf.
-f stfile  Use stfile as the input statistics file instead of /var/adm/sendmail/sendmail.st.

DESCRIPTION
The mailstats command reads the information in the /var/adm/sendmail/sendmail.st file (or in the file specified with the -f flag), formats
it, and writes it to standard output. Note also that you can change the location of the sendmail.st file by editing its pathname in the
sendmail.cf file.
EXAMPLES
The format of the information is shown in the following example, in which the first field (M) contains a number that indicates the position
of that mailer in the sendmail.cf file, starting at 0 (zero). For example, the first mailer in the sendmail.cf file corresponds to the
number 0 in the mailstats display, the second mailer corresponds to the number 1, and so on.

Statistics from Thu Feb 17 11:20:01 2000
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 1       50         77K        1          3K        0       0  local
 6       43         59K       58         99K        0       0  smtp
============================================================
 T       93        136K       59        102K        0       0

The fields in the report have the following meanings:
M           Indicates the position of the mailer in the sendmail.cf file.
msgsfr      Indicates the number of messages received by the local machine from the indicated mailer.
bytes_from  Indicates the number of bytes in the messages received by the local machine from the indicated mailer.
msgsto      Indicates the number of messages sent from the local machine using the indicated mailer.
bytes_to    Indicates the number of bytes in the messages sent from the local machine using the indicated mailer.
msgsrej     Indicates the number of rejected messages.
msgsdis     Indicates the number of discarded messages.
Mailer      Indicates the name of the mailer.

If sendmail transmits mail directly to a file, such as the dead.letter file or an alias target, the message and byte counts are credited to
the prog mailer, as defined in the sendmail.cf file. However, mailstats will still default to /var/adm/sendmail/sendmail.st.
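An added example (not part of the OSF1 man page or of sendmail): a parser for the report format documented above. It turns the per-mailer rows into records keyed by the column names from the field list, copes with the `-o` form where the Mailer column is absent by falling back to the M index, and checks that the T row agrees with the column sums, which is a cheap sanity check when a report has been pasted or transcribed. The sample text is the man page's own example, re-typed; byte columns are kept in the K units mailstats prints rather than converted.

```python
"""Parse mailstats(8) output into records and check the totals row."""
import re

# The man page's example report, re-typed as sample input.
SAMPLE_MAILSTATS = """\
Statistics from Thu Feb 17 11:20:01 2000
 M   msgsfr  bytes_from   msgsto    bytes_to  msgsrej msgsdis  Mailer
 1       50         77K        1          3K        0       0  local
 6       43         59K       58         99K        0       0  smtp
============================================================
 T       93        136K       59        102K        0       0
"""

COUNTERS = ("msgsfr", "bytes_from", "msgsto", "bytes_to", "msgsrej", "msgsdis")

# A mailer row (M is an integer) or the totals row (M is 'T'). The trailing
# mailer name is optional because -o suppresses it.
ROW_RE = re.compile(
    r"^\s*(?P<m>\d+|T)\s+(?P<msgsfr>\d+)\s+(?P<bytes_from>\d+)K?\s+(?P<msgsto>\d+)\s+"
    r"(?P<bytes_to>\d+)K?\s+(?P<msgsrej>\d+)\s+(?P<msgsdis>\d+)(?:\s+(?P<mailer>\S+))?\s*$"
)


def parse_mailstats(text):
    """Return (since, mailers, totals).

    since   - the timestamp from the 'Statistics from' line, or None
    mailers - list of dicts, one per mailer row, with the COUNTERS plus 'M' and 'mailer'
    totals  - dict of COUNTERS from the 'T' row, or None if the row is missing
    """
    since, mailers, totals = None, [], None
    for line in text.splitlines():
        if line.startswith("Statistics from "):
            since = line[len("Statistics from "):].strip()
            continue
        m = ROW_RE.match(line)
        if not m:
            continue  # column header, separator rule, blank line
        row = {k: int(m[k]) for k in COUNTERS}
        if m["m"] == "T":
            totals = row
        else:
            row["M"] = int(m["m"])
            # With -o the name is absent; keep the sendmail.cf position instead.
            row["mailer"] = m["mailer"] or f"mailer#{m['m']}"
            mailers.append(row)
    return since, mailers, totals


def totals_consistent(mailers, totals):
    """True when the T row equals the column sums of the mailer rows."""
    if totals is None:
        return False
    return all(sum(r[k] for r in mailers) == totals[k] for k in COUNTERS)


if __name__ == "__main__":
    since, mailers, totals = parse_mailstats(SAMPLE_MAILSTATS)
    print("since", since)
    for r in mailers:
        print(r)
    print("totals consistent:", totals_consistent(mailers, totals))
```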
FILES
Specifies the command path
/var/adm/sendmail/sendmail.st  Contains system statistics
/var/adm/sendmail/sendmail.cf  Contains configuration information for sendmail

RELATED INFORMATION
Commands: sendmail(8)