So I have been experiencing some funky things with my home server. I
have noticed that directories and files are just disappearing for no
reason at all. At first I thought it might be possible that I had
somehow deleted the files or directories, but then today the most
bizarre event happened that led me to rkhunter and this list.

Last night I created a folder called Downloads in my /home directory
on the server and put a bunch of files into it that I wanted to work
with today from my office over ssh. I got to the office, ssh'd into
the server and started moving those files around and working with
them. About 15 minutes into doing this the /home/eric/Downloads
directory and all the files left in it, just disappeared.

So I started going through my logs etc, and I noticed that back on the
14th I had a number of attempts to get into my system via ssh from two
different IP addresses. So I installed rkhunter and it went on its
merry way. It didn't find anything unusual with the exception of the
following:
Scanning for hidden files... [ Warning! ]
---------------
/etc/.pwd.lock /dev/.static
/dev/.udev
/dev/.initramfs
/dev/.initramfs-tools
---------------
Please inspect: /dev/.static (directory) /dev/.udev (directory)
/dev/.initramfs (directory)
This is the only item that was strange. I will confess that I am still
a bit new to Linux, having only been running it in my home for about
a year or so. The server is Debian Etch 4.0 with all the security
updates installed. My server is older for sure, about 5 or 6 years
old, so I was thinking that maybe the hard drive is just going bad,
but it seems strange that things would just start disappearing.

I think I am going to do a clean install over the weekend, but I
thought I would check here first to see if anyone else thought I had
been compromised. I was unable to confirm in any of the logs that the
person attempting to get in was ever actually able to connect, but I
know that if they did actually connect, they might have modified the
logs to make it look like they did not.
Thanks and sorry for the long email. :)
-Eric
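
The log check described in the message above (did any address that failed ssh authentication also log in successfully?) can be done mechanically. This is an added example, not part of the original email; the log lines are constructed in the usual OpenSSH syslog format, the addresses are documentation ranges, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format sshd writes to /var/log/auth.log.
# Hostname, PIDs, ports and addresses are made up for this example.
SAMPLE_LOG = """\
Jan 14 03:12:41 server sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2
Jan 14 03:12:44 server sshd[2103]: Failed password for root from 192.0.2.10 port 40130 ssh2
Jan 14 03:15:02 server sshd[2110]: Failed password for eric from 203.0.113.5 port 51514 ssh2
Jan 14 03:15:09 server sshd[2112]: Accepted password for eric from 203.0.113.5 port 51520 ssh2
Jan 18 08:30:11 server sshd[3001]: Accepted publickey for eric from 198.51.100.7 port 60022 ssh2
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return {ip: {"failed": count, "accepted": [(user, method), ...]}}."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": []})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not an authentication result line
        entry = stats[m["ip"]]
        if m["result"] == "Failed":
            entry["failed"] += 1
        else:
            entry["accepted"].append((m["user"], m["method"]))
    return dict(stats)

def failed_then_accepted(log_text):
    """Source addresses with at least one failure and one accepted login."""
    return sorted(ip for ip, s in summarize(log_text).items()
                  if s["failed"] and s["accepted"])

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, "failed:", s["failed"], "accepted:", s["accepted"])
    print("failed and accepted from same source:",
          failed_then_accepted(SAMPLE_LOG))
```

An empty result only describes what the log file currently contains, so it is worth comparing against a copy of the logs kept off the machine if one exists.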