Re: how to tell when you have a hacker?

Author: Anthony
Date:  
To: Main PLUG discussion list
Subject: Re: how to tell when you have a hacker?
as root: update-rc.d ssh remove

That will remove the init scripts which launch ssh on startup.
Another method is to simply "chmod -x /etc/init.d/ssh", so that it
can't execute.


Anthony

On 2/18/06, Mike <> wrote:
> On Saturday 18 February 2006 08:20 pm, Darrin Chandler wrote:
> > You might try looking for /etc/rcX.d/SYYsshd, where "X" is the runlevel
> > you start up in, and "YY" is any two digit number. If you find that
> > (symlink), rename SYYsshd to KYYsshd (from start to kill). There's
> > probably an admin widget to do this for you, but I don't know where to
> > find it for you.
>
> I did a 'man sshd' and see that it is indeed started by an rc?.d. However,
> how does one edit an rc.d file? I tried jpico but it said, 'error reading
> file' and vi says, 'not a regular file'.
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
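
The three methods mentioned in this thread (removing the links with update-rc.d, renaming SYY links to KYY, and chmod -x on the init script) can be checked afterwards with a small audit. This is an added example, not part of the original messages; the function names `audit_rc` and `make_demo_tree` are hypothetical, and it assumes a Debian-style SysV layout where runlevels 2 to 5 are the multi-user runlevels.

```shell
#!/bin/sh
# audit_rc ROOT SERVICE
# Prints one line per finding. Returns 0 if nothing will start SERVICE in
# runlevels 2-5, 1 if at least one start link can still launch it.
audit_rc() {
    root=$1 svc=$2 enabled=0
    script="$root/etc/init.d/$svc"
    # "chmod -x" method: rc cannot run an init script that is not executable
    if [ -x "$script" ]; then
        runnable=1
    else
        runnable=0
        echo "init.d/$svc: missing or not executable"
    fi
    for link in "$root"/etc/rc[2-5].d/[SK][0-9][0-9]"$svc"; do
        # skip the literal pattern when the glob matched nothing
        [ -e "$link" ] || [ -L "$link" ] || continue
        dir=$(basename "$(dirname "$link")")
        name=$(basename "$link")
        case $name in
            S*) if [ "$runnable" -eq 1 ]; then
                    echo "$dir/$name: START link, service runs in this runlevel"
                    enabled=1
                else
                    echo "$dir/$name: START link, but init script is not executable"
                fi ;;
            K*) echo "$dir/$name: KILL link, service is stopped in this runlevel" ;;
        esac
    done
    return "$enabled"
}

# Constructed sample layout for trying the audit without touching a real system.
make_demo_tree() {
    d=$1
    mkdir -p "$d/etc/init.d" "$d/etc/rc2.d" "$d/etc/rc3.d"
    printf '#!/bin/sh\n' > "$d/etc/init.d/ssh"
    chmod +x "$d/etc/init.d/ssh"
    ln -s ../init.d/ssh "$d/etc/rc2.d/S20ssh"   # started in runlevel 2
    ln -s ../init.d/ssh "$d/etc/rc3.d/K20ssh"   # stopped in runlevel 3
}
```

On a live system, call it as `audit_rc "" ssh` (or `sshd`, depending on what the init script is named) so the paths resolve under `/etc`.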
