Any takers on a security issue


 
# 1  
Old 03-13-2009

Hi All

I have an issue.

We have a server whose network configuration changed very recently. This is unusual, and it has now turned into a security incident, because I just finished verifying all logs:

su log, syslog, messages, sudosh logs, sudo logs, and I can't find any trace of the ifconfig command, which I should have seen.

I was wondering whether ifconfig does any writing to a file somewhere deep in the system.

This is a Solaris 9 sparc system

Any clues no matter how far-fetched they seem

TTFN
Dan

Last edited by Neo; 03-16-2009 at 10:22 AM.. Reason: typos
# 2  
Old 03-14-2009
Does the machine obtain any network information via DHCP?
# 3  
Old 03-14-2009
Depending on the default shell on Solaris, you could grep every user's (including root's) history file for ifconfig commands.
The Bash history file is ~/.bash_history and I think ksh is ~/.history.
That MAY help.
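The history check suggested in the post above, as an added example that is not part of the original thread: a function for a POSIX shell such as ksh or bash that walks a passwd-format file and reports history lines containing a given word, plus accounts that have no history file at all. The function names, output format and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): search each account's shell history.
# Usage: scan_histories PASSWD_FILE WORD
# Prints HIT:user:file:lineno:command for matches and NOHIST:user:home for
# accounts with no non-empty history file, which is worth noting in itself.
scan_histories() {
    passwd_file=$1
    word=$2
    # passwd fields: name:passwd:uid:gid:gecos:home:shell
    while IFS=: read -r user _pw _uid _gid _gecos home _shell; do
        [ -d "$home" ] || continue
        found_hist=0
        # .bash_history is bash's default, .sh_history is ksh's default when
        # HISTFILE is unset, .history is the name mentioned in the post.
        for name in .bash_history .sh_history .history; do
            f=$home/$name
            [ -f "$f" ] && [ -s "$f" ] || continue
            found_hist=1
            grep -n -- "$word" "$f" | while IFS= read -r line; do
                printf 'HIT:%s:%s:%s\n' "$user" "$f" "$line"
            done
        done
        [ "$found_hist" -eq 1 ] || printf 'NOHIST:%s:%s\n' "$user" "$home"
    done < "$passwd_file"
}

# Constructed sample data: one account with an ifconfig entry, one with a
# clean history, one with no history file.
make_sample() {
    d=$1
    mkdir -p "$d/root" "$d/export/home/alice" "$d/export/home/bob"
    printf 'ls\nifconfig hme0 192.0.2.10 netmask 255.255.255.0 up\n' \
        > "$d/root/.sh_history"
    printf 'cd /var/adm\ntail messages\n' > "$d/export/home/alice/.bash_history"
    {
        printf 'root:x:0:1:Super-User:%s/root:/sbin/sh\n' "$d"
        printf 'alice:x:100:10::%s/export/home/alice:/bin/bash\n' "$d"
        printf 'bob:x:101:10::%s/export/home/bob:/bin/ksh\n' "$d"
    } > "$d/passwd"
}

# Demo run against the constructed sample; on a real host pass /etc/passwd.
tmp=${TMPDIR:-/tmp}/histscan.$$
make_sample "$tmp"
scan_histories "$tmp/passwd" ifconfig
rm -rf "$tmp"
```

A shell history is written by the user's own shell and can be edited or disabled by that user, so a clean result here narrows the search but does not rule an account out.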
# 4  
Old 03-16-2009
To corona688

Thanks, but no, this server receives no DHCP info.

To wempy

There are only 6 admins that can access this server,
and I did check their history files with no joy. What I'm
looking for is a file where the config might be written.

Thank you all for the effort
Dan
# 5  
Old 03-16-2009
Maybe you can simply do a search for the ifconfig command in every file in the file system, something like:

Code:
# -type f: regular files only; -l: print the names of matching files
find / -type f -exec grep -il ifconfig {} \;

Add other options to find as you see fit.
# 6  
Old 03-16-2009
Hi Neo

I tried that and came up with nothing. I want to explore
other ways, or ways that this could have been changed without
using ifconfig.
Dan
# 7  
Old 03-16-2009
Your network configuration could also have been changed without using ifconfig. It might have been changed programmatically via another executable.