Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Our system was hacked
Special Forums Cybersecurity Our system was hacked Post 303037142 by jgt on Wednesday 24th of July 2019 05:19:52 PM
Old 07-24-2019
Our system was hacked
Someone made a mistake, and left our router wide open, pointing all ports to a SCO 6.0.0 system.
Within 24 hours, the following happened.
The contents of all the files (except tar files) in three directories, one directory on each of three different file systems, were replaced with nulls. None of the inode data was changed, meaning that the output of 'ls -l' was the same before and after. In two of the directories the file permissions were 0664, and in the last, the permissions were 0644 and files owned by root.
I have not been able to find anything in any of the log files to indicate who or when this happened.
Since we had adequate backups there was no long term damage.
Any thoughts would be appreciated.
This User Gave Thanks to jgt For This Post:
RavinderSingh13
 

3 More Discussions You Might Find Interesting

1. Linux

pc hacked

Hi, i think someone has hacked my server, the following rules used to come which i haven't put. Please help me i couldnt find out how this rules are apply, i think someone has put an script which generates enables the rules. But after restarting the iptables everything seems to be working... (0 Replies)
Discussion started by: naik_mit
0 Replies

2. Cybersecurity

How to know when you've been hacked

One of the most important ways to keep tou machine secure is to know when it has been broken into. The less time hackers have on your system, the less they can do to it, and the greater you chancens of kicking them off and repairing the damage. The more sophisticated the hacker, the less likely... (8 Replies)
Discussion started by: binhnx2000
8 Replies

3. Cybersecurity

Server hacked on known port

Hi, There is a recent case whereby it was reported that one of the production servers was hacked on port 1521. However, I am not sure how this was possible, as I checked that the OS firewall (iptables) is on : # /etc/init.d/iptables status Table: nat Chain PREROUTING (policy ACCEPT) num ... (7 Replies)
Discussion started by: anaigini45
7 Replies

LEARN ABOUT NETBSD

compat_ibcs2

COMPAT_IBCS2(8) 					    BSD System Manager's Manual 					   COMPAT_IBCS2(8)

NAME

     compat_ibcs2 -- setup procedure for running iBCS2 binaries

DESCRIPTION

     NetBSD supports running Intel Binary Compatibility Standard 2 (iBCS2) binaries.  This only applies to i386 systems for now.  Binaries are
     supported from SCO UNIX and other systems derived from AT&T System V Release 3 UNIX.  iBCS2 support is only well tested using SCO binaries.
     XENIX binaries are also supported although not as well tested.  SVR4 binaries are supported by the COMPAT_SVR4 option.

     iBCS2 supports COFF, ELF, and x.out (XENIX) binary formats.  Binaries from SCO OpenServer (version 5.x) are the only ELF binaries that have
     been tested.  Most programs should work, but not ones that use or depend on:

	   kernel internal data structures
	   STREAMS drivers (other than TCP/IP sockets)
	   local X displays (uses a STREAMS pipe)
	   virtual 8086 mode

     The iBCS2 compatibility feature is active for kernels compiled with the COMPAT_IBCS2 option enabled.  If support for iBCS2 ELF executables is
     desired, the EXEC_ELF32 option should be enabled in addition to COMPAT_IBCS2.

     Many COFF-format programs and most ELF-format programs are dynamically linked.  This means that you will also need the shared libraries that
     the program depends on.  Also, you will need to create a ``shadow root'' directory for iBCS2 binaries on your NetBSD system.  This directory
     is named /emul/ibcs2.  Any file operations done by iBCS2 programs run under NetBSD will look in this directory first.  So, if an iBCS2 pro-
     gram opens, for example, /etc/passwd, NetBSD will first try to open /emul/ibcs2/etc/passwd, and if that does not exist open the 'real'
     /etc/passwd file.	It is recommended that you install iBCS2 packages that include configuration files, etc. under /emul/ibcs2, to avoid nam-
     ing conflicts with possible NetBSD counterparts.  Shared libraries should also be installed in the shadow tree.

     Generally, you will need to look for the shared libraries that iBCS2 binaries depend on only the first few times that you install an iBCS2
     program on your NetBSD system.  After a while, you will have a sufficient set of iBCS2 shared libraries on your system to be able to run
     newly imported iBCS2 binaries without any extra work.

   Setting up shared libraries
     How to get to know which shared libraries iBCS2 binaries need, and where to get them? Depending on the file type of the executable, there are
     different possibilities (when following these instructions: you will need to be root on your NetBSD system to do the necessary installation
     steps).

     COFF binaries  You can simply copy all of the available shared libraries since they are fairly small in size.  The COFF shared libraries are
		    typically found in /shlib and can be obtained from the following sources:

		    SCO UNIX version 3.x (aka ODT)
		    SCO UNIX version 5.x (aka OpenServer)
		    SCO UnixWare
		    Many versions of SVR4.2/x86

		    After copying the shared libraries, you should have at least the following files on your system:

		    /emul/ibcs2/shlib/libc_s
		    /emul/ibcs2/shlib/libnsl_s
		    /emul/ibcs2/shlib/protlib_s

     ELF binaries   You can simply copy all of the available shared libraries from the source system or distribution or use ldd(1) to determine
		    the libraries required by a specific binary.

		    After copying the shared libraries, you should have at least the following files on your system:

		    /emul/ibcs2/usr/lib/libc.so.1
		    /emul/ibcs2/usr/lib/libcrypt.so
		    /emul/ibcs2/usr/lib/libndbm.so
		    /emul/ibcs2/usr/lib/libsocket.so.1

     If you don't have access to a SCO system, you will need to get the extra files you need from a SCO distribution.  As of January 1998, SCO
     sells a copy of SCO OpenServer (iBCS2) and/or SCO UnixWare (SVR4) for personal/non-commercial use for only the cost of shipping (about
     $20US).  The distribution comes on an ISO9660-format CDROM which can be mounted and used to copy the necessary files.

     Run the following script to copy the basic set of files from a SCO distribution directory mounted somewhere locally:

     /usr/share/examples/emul/ibcs2/ibcs2-setup [directory]

     You should now be set up for SCO binaries which only need standard shared libs.

BUGS

     The information about SCO distributions may become outdated.

     Attempting to a use a nameserver on the local host does not currently work due to an absurd shortcut taken by the iBCS2 network code (remem-
     ber that there are no kernel sockets).

     16/32/64 bit offsets may not be handled correctly in all cases.

BSD
								 February 8, 1998							       BSD
All times are GMT -4. The time now is 10:13 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy