According to Todd Weaver, > On Fri, Feb 03, 2006 at 06:24:02PM +0100, Ben Meijering wrote: > [snip] > > I was looking in my /etc/rc2.d directory to see what kind of services > > were installed on my server. > > > > The contents of my rc2.d directory is as follows > > > > S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89cron > > S10sysklogd S20courier-pop S20pptpd S89watchd > > S11klogd S20courier-pop-ssl S20samba S91apache > > S14ppp S20exim S20ssh > > S91apache-ssl > > S15bind9 S20inetd S21nfs-common S99rmnologin > > S15lwresd S20lpd S23killd > > S99stop-bootlogd > > S18portmap S20makedev S50proftpd > > S19sshd S20mysql S89atd > > > > I couldn't find a man page for distwatchd and just tried to run it which > > gave the following result: > > You *probably* should have less'd the file and not just executed it. > > You also could send the contents of the file in question, for review. > > > benspagina:/etc/rc2.d# /etc/init.d/distwatchd > > > > > > FUCK: Got signal 11 while manipulating kernel! > > > > Searching for this last sentence I found all sorts of pages talking > > about compromised servers. > > > > Is there a chance my system is compromised? > > You can try tiger... > sudo apt-get update > sudo apt-get install tiger > sudo tiger
I'd not run anything else from a hard drive I suspect is compromised. Reboot with a liveCD and examine it from there. Tony -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
