03-23-2012
pnscan running but not installed
Hello to everyone. I have encountered my first security breach! Quite exciting.
I received a few polite emails from abuse networks indicating my outward-facing web & ftp (no mail) server was sending them unfriendly traffic. A quick htop showed that root had executed "pnscan" but I never recalled installing it. I sent it a kill -9, and sure enough, dpkg -s pnscan tells me it's never been installed.
So it seems pretty clear that someone's gotten access to my system in some fashion. The problem is, I don't know where to begin looking. I've scoured logs - I don't see anything obviously fishy there. I've checked bash history - nothing there (though that's easy to circumvent).
Where else should I be looking, or what has my inexperience caused me to miss in the logs? Is this definitely someone who's rooted my server? Could be an FTP vulnerability?
---------- Post updated at 09:23 AM ---------- Previous update was at 09:14 AM ----------
Oops. This should have been posted in Security. I won't repost, I'll let a moderator move it. Sorry for the inconvenience.
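The manual check described in the post (a process running as root that `dpkg -s` has no record of) can be applied to every running process at once. The following is an added example, not part of the original post; it assumes a Debian-family system with `dpkg`, and `PROC_ROOT`, `pkg_owner`, `classify_exe` and `scan_procs` are hypothetical names.

```shell
#!/bin/sh
# Added example: flag running processes whose executable is deleted from disk
# or not owned by any installed dpkg package. Output is triage leads, not proof.
# PROC_ROOT, pkg_owner, classify_exe and scan_procs are hypothetical names.

PROC_ROOT="${PROC_ROOT:-/proc}"

# pkg_owner PATH: print the package that owns PATH; non-zero status if none.
pkg_owner() {
    local out
    out=$(dpkg -S "$1" 2>/dev/null) || return 1
    printf '%s\n' "${out%%:*}"
}

# classify_exe PATH: print deleted | unpackaged | packaged:<pkg>
classify_exe() {
    local exe pkg
    exe=$1
    case $exe in
        # The kernel appends this suffix when the binary was unlinked after exec.
        *' (deleted)') echo deleted; return 0 ;;
    esac
    if pkg=$(pkg_owner "$exe"); then
        echo "packaged:$pkg"
    else
        echo unpackaged
    fi
}

# scan_procs: one tab-separated line per flagged process: PID UID STATUS EXE
scan_procs() {
    local d pid exe status uid
    for d in "$PROC_ROOT"/[0-9]*; do
        [ -d "$d" ] || continue
        pid=${d##*/}
        # Kernel threads have no exe link; skip them (and entries we cannot read).
        exe=$(readlink "$d/exe" 2>/dev/null) || continue
        [ -n "$exe" ] || continue
        status=$(classify_exe "$exe")
        case $status in packaged:*) continue ;; esac
        # Second field of the Uid: line is the real UID (0 = root).
        uid=$(awk '/^Uid:/ {print $2; exit}' "$d/status" 2>/dev/null) || uid=
        printf '%s\t%s\t%s\t%s\n' "$pid" "${uid:-?}" "$status" "$exe"
    done
}

# Run as root so every /proc/PID/exe is readable:  sh thisfile.sh --scan
if [ "${1:-}" = "--scan" ]; then scan_procs; fi
```

Locally built software under /usr/local or /opt will also show up as unpackaged, and on merged-/usr systems `dpkg -S` can miss a packaged binary because the resolved path differs from the path the package registered. A `packaged:` result only means the path belongs to a package, not that the file on disk is unmodified.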