[NCLUG] RH 7.2
Charles Stevenson
core at bokeoa.com
Sun Aug 10 23:01:53 MDT 2003
Paul Wehr wrote:
> As a neophyte (relatively) in the Linux world, I'm running RedHat 7.2 on
> an old Gateway P133 just to try out some server options primarily for
> web design. I don't have it often open to the world, but I wondering if
> even that was too much.
Red Hat 7.2 has lots of holes:
http://hack.co.za/index.php?mode=browse&cat=137
> In some of the logs, I see attempted entry, including ssh. Today, I
> noticed that all of my http logs, which used to be a mere 50-60K are now
> zero. I didn't trash them. I'm only semi-paranoid, but I think I may
> have been broken into. Naturally, all of the IP addresses come up empty.
> I _was_ only getting robot searches for Windoze files/folders/programs,
> but I think this is different.
There's a cron job which runs called logrotate. See what time the logs
were zeroed and check the cron file.
> Is my best bet just to reformat and start over? It's not like I have
> anything valuable there. Or is there another option?
You say that the machine wasn't open to the world. What exactly do you
mean by that? Was is not plugged into a network at all?
peace,
core
More information about the NCLUG
mailing list