/srv/irclogs.ubuntu.com/2010/12/17/#ubuntu-eu.txt

[09:57] <EnTeQuAk-Work> zed: ping
[09:58] <EnTeQuAk-Work> ups, sorry.  Did not read backlog, apollo just told me ;)
[14:04] <zed> 2/clear
[14:04] <zed> missed
[14:09] <apollo13> zed: should I understand that?
[14:09] <zed> apollo13: no :)
[14:09] <apollo13> ok, so how's eshu :)
[14:10] <zed> ahem... how do I say that, I rebooted eshu in "rescue" mode
[14:10] <zed> and it seems like it has been rooter
[14:10] <zed> rooted
[14:10] <apollo13> yikes
[14:10] <zed> yup
[14:11] <apollo13> we should apply updates from time to time hm?
[14:11] <zed> don't know how it got in (pop3 user apparently, but I don't know why there was a pop3 :p)
[14:11] <zed> and then eshu : old kernel
[14:11] <zed> root exploit
[14:11] <apollo13> damn
[14:12] <apollo13> okay, what do we do now
[14:12] <zed> I'll get all the data I can
[14:12] <zed> (mailman, exim config etc...)
[14:12] <zed> and reinstall the machine
[14:12] <apollo13> don't we have backups anyways
[14:12] <apollo13> btw should we check the nfs
[14:12] <apollo13> and wasn't backupman on eshu
[14:13] <apollo13> backupppc
[14:13] <apollo13> if yes that means ssh keys for every other machine
[14:13] <zed> yup
[14:13] <zed> we should check auth.log for remote logging from eshu since 13th
[14:13] <zed> (with that particular key)
[14:14] <zed> if none then we're lucky
[14:14] <apollo13> ok starting that in 2 minutes
[14:14] <zed> ok me too
[14:14] <apollo13> zed: you don't happen to have a jabber id?
[14:18] <apollo13> zed: 13th since when?
[14:19] <apollo13> cause asa logins till 13. 01:02 backuppc
[14:21] <apollo13> I am installing rkhunter and chkrootkit on all machines :þ
[14:26] <zed> apollo13: that might be the last time it was backupe
[14:26] <zed> d
[14:26] <apollo13> jupp
[14:26] <apollo13> btw why does lastlog show jan for lastlogin
[14:27] <apollo13> auth.log (last):
[14:27] <apollo13> Dec 13 01:02:56 asa sshd[12967]: pam_unix(sshd:session): session opened for user backuppc by (uid=0)
[14:27] <apollo13> lastlog:
[14:27] <apollo13> backuppc         pts/2    eshu.ubuntu-eu.o Fri Jan  2 01:40:16 +0100 2009
[14:29] <zed> that's funny
[14:30] <apollo13> aside from being funny, got an explanation?
[14:31] <zed> ntpq -p ?
[14:32] <apollo13>  eshu.ubuntu-eu. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
[14:32] <apollo13> if you mean that
[14:41] <apollo13> PID  5734(/proc/5734): not in readdir output
[14:41] <apollo13> PID  5734: not in ps output
[14:41] <apollo13> CWD  5734: /var/spool/nullmailer/queue
[14:41] <apollo13> on dongo
[14:41] <apollo13> nothing to worry about though I guess
[14:53] <apollo13> zed: http://paste.pocoo.org/show/kaqvNz3rxUezh8RpwYay/ can you look over that?
[14:54] <apollo13> oh and on lisa ntop is running :(
[14:55] <zed> ok, if it's just rsync server that's file
[14:55] <zed> it's the command backuppc should execute
[14:56] <apollo13> jupp, at least I couldn't find any other commands around that
[14:56] <apollo13> but might have overlooked something
[14:56] <zed> for gu that's ok
[14:56] <zed> (the packet sniffer is a false alert)
[19:50] <Agafonov> zed: we (ubuntu.ru) need to change something in DNS records but eshu is out of order and I cannot use nsset. Is there other way?
