Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: pnscan running but not installed
Special Forums Cybersecurity pnscan running but not installed Post 302611731 by seanhogge on Friday 23rd of March 2012 11:23:07 AM
Old 03-23-2012
pnscan running but not installed
Hello to everyone. I have encountered my first security breach! Quite exciting.

I received a few polite emails from abuse networks indicating my outward-facing web & ftp (no mail) server was sending them unfriendly traffic. A quick htop showed that root had executed "pnscan" but I never recalled installing it. I sent it a kill -9, and sure enough, dpkg -s pnscan tells me it's never been installed.

So it seems pretty clear that someone's gotten access to my system in some fashion. The problem is, I don't know where to begin looking. I've scoured logs - I don't see anything obviously fishy there. I've checked bash history - nothing there (though that's easy to circumvent).

Where else should I be looking, or what has my inexperience caused me to miss in the logs? Is this definitely someone who's rooted my server? Could be an FTP vulnerability?

---------- Post updated at 09:23 AM ---------- Previous update was at 09:14 AM ----------

Oops. This should have been posted in Security. I won't repost, I'll let a moderator move it. Sorry for the inconvenience.
 

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How to prevent job1 from running while job2 is running..

Hi, Please I need your expert advise on how to prevent/lock from execution job1 while job2 is still running in Unix... THanks:) (3 Replies)
Discussion started by: tikang
3 Replies

2. UNIX for Dummies Questions & Answers

how to know if oracle is installed ?

can anyone please tell me how to know whether oracle is installed in unix? what is the path to check if oracle is installed or not? (2 Replies)
Discussion started by: soujanya_srk
2 Replies

3. Programming

No dbx installed

I have a problem whith dbx: there is no dbx installed!!! Could someone tell me where do i get dbx program and how to install it? Thanks. (1 Reply)
Discussion started by: calloc
1 Replies

4. Linux

Get the OS Installed date

Hi, How to get OS installed date in Linux using terminal command? Thanks is advance (3 Replies)
Discussion started by: forumguest
3 Replies

5. UNIX for Advanced & Expert Users

Firewall installed

Hi Friends, I have installed Web App Server(WAS) on Linux box, but unable to launch webinterface from IE. I have a doubt that there is a firewall installed on the Linux box. How can I verify that there is no firewall installed on the machine where WAS is installed (Linux machine). ... (1 Reply)
Discussion started by: NARESH1302
1 Replies

6. AIX

OS Patches installed but they seem as not installed

Hello everyone: I've installed an OS patch into AIX 6.1 by running the following command: instfix -d /tmp/6100-02-03 -k "IZ41855" however it seem not installed instfix -i -k "IZ41855" There was no data for IZ41855 in the fix database. what am I doing wrong? (8 Replies)
Discussion started by: edgarvm
8 Replies

7. AIX

aioo seems to be not installed

Hi everyone: I've a server running AIX 6.1 which had initialy technology level =0, after an upgrade oslevel -s reports that it was increased to 6100-04-02, however after doing this the aioo command seems to be not present, what did I do wrong? edit: lslpp shows bos.rte.aio was installed: ... (1 Reply)
Discussion started by: edgarvm
1 Replies

8. Red Hat

Trouble with installed / not installed rpm unixODBC/libodbc.so.1

Hey there, i run 1: on my server (RHEL 6) and getting response that the libodbc is not installed. If i use yum for installation, it tells me, there is no package like this ( 2: ). Since in the description of Definiens is mentioned that the Run-time dependency is unixODBC (libodbc.so.1), I assume... (2 Replies)
Discussion started by: rkirsten
2 Replies

9. OS X (Apple)

Just installed El Capitan...

Just updated from Yosemite to El Capitan on my iMac... What an improvement! The front end is really slick now on this tool... Still using OSX 10.7.5 on my laptop and the Applescript code inside AudioScope.sh is now broken under El Capitan but the rest of AudioScope.sh works on it...... (4 Replies)
Discussion started by: wisecracker
4 Replies

10. UNIX for Beginners Questions & Answers

Bash find version of an installed application but if none is found set variable to App Not Installed

Hello Forum, I'm issuing a one line bash command to look for the version of an installed application and saving the result to a variable like so: APP=application --version But if the application is not installed I want to return to my variable that the Application is not installed. So I'm... (2 Replies)
Discussion started by: greavette
2 Replies

LEARN ABOUT PHP

ftpconfig

ftpconfig(1M)						  System Administration Commands					     ftpconfig(1M)

NAME

       ftpconfig - set up anonymous FTP

SYNOPSIS

       ftpconfig [ftpdir]

       ftpconfig -d ftpdir

DESCRIPTION

       The ftpconfig script is executed by the super user to set up anonymous FTP. Anonymous FTP allows users to remotely log on to the FTP server
       by specifying the user name  ftp or anonymous and the user's email  address as password. The anonymous users  are  logged  on  to  the  FTP
       Server  and  given  access to a restricted file area with its own file system root. See chroot(2). The FTP area has  its own minimal system
       files.

       This command will copy and set up all the components needed to operate an anonymous FTP server, including creating the  ftp  user  account,
       creating  device  nodes,  copying  /usr/lib files, and copying timezone data.  The passwd and group files set up have been stripped down to
       prevent malicious users from finding login names on the server.	The anonymous file area will be placed	under  ftpdir.	If  the  ftp  user
       account already exists, then the current FTP area is used, and the system files in it are updated. All other files are left untouched. This
       command should be run to update the anonymous FTP area's configuration whenever a system patch is installed, or the system is upgraded.

OPTIONS

       -d	Create a new or update an existing ftpdir without creating or updating the ftp user account. Use this option when  creating  guest
		FTP user accounts.

OPERANDS

       The following operands are supported:

       ftpdir	The absolute pathname of the directory under which the anonymous FTP area is set up.

EXIT STATUS

       The following exit values are returned:

       0	Successful completion

       1	Improper usage of the command

       2	Command failed

ATTRIBUTES

       See attributes(5)  for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWftpu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ftpaddhost(1M), in.ftpd(1M), useradd(1M), chroot(2), attributes(5)

SunOS 5.10							    1 May 2003							     ftpconfig(1M)
All times are GMT -4. The time now is 12:39 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy