Guest daYz Posted September 22, 2003

I have a feeling a hacker has been on my computer, but I'm not sure. Yesterday I looked in /var/log/messages and saw that some log files were changed from root to adm owner. I'm not on Mandrake now so I can't provide a lot of info, but I believe there were at least a few log files changed in /var/log.

Does someone know if this is normal behaviour of Linux or should the log files only be changed manually? I have tried "su adm" and provided my passwords but that didn't have any result.

I am on Mandrake 9.1.

Thanks for your help.
tyme Posted September 22, 2003

i can't remember if mandrake has an adm user that runs any programs related to the log files or not...but i would check userdrake to see if there are any users you didn't put there yourself.
mtweidmann Posted September 22, 2003

You can set Firedrake to block most types of incoming communications which should protect you in future.
Guest daYz Posted September 23, 2003

Thanks. I didn't see any other users, but I reinstalled Mandrake. I've also had firedrake disabled for a while, so I didn't want to take any risk.
Uiler Posted September 23, 2003

> I have a feeling a hacker has been on my computer, but I'm not sure. Yesterday I looked in /var/log/messages and saw that some log files were changed from root to adm owner. I'm not on Mandrake now so I can't provide a lot of info, but I believe there were at least a few log files changed in /var/log. Does someone know if this is normal behaviour of Linux or should the log files only be changed manually? I have tried "su adm" and provided my passwords but that didn't have any result. I am on Mandrake 9.1. Thanks for your help.

I'm not sure, but I don't think this is a problem. It happens on my system as well. Here is the excerpt from /var/log/auth.log (edited to remove my user name and computer name):

EDIT: Decided to remove this since it might not be a good idea to have it on the web...

I think it's just part of the normal msec security procedures.
Guest daYz Posted September 23, 2003

I believe this is exactly what I saw. Thanks!
illogic-al Posted September 24, 2003

> You can set Firedrake to block most types of incoming communications which should protect you in future.

firedrake?
iphitus Posted September 24, 2003

> > You can set Firedrake to block most types of incoming communications which should protect you in future.
>
> firedrake?

There is a firewall config utility in Mandy Control Center. It is a frontend to shorewall. I am not sure if it is called firedrake.

James