EnTeQuAk-Work | zed: ping | 09:57 |
---|---|---|
EnTeQuAk-Work | oops, sorry. Did not read backlog, apollo just told me ;) | 09:58 |
zed | 2/clear | 14:04 |
zed | missed | 14:04 |
apollo13 | zed: should I understand that? | 14:09 |
zed | apollo13: no :) | 14:09 |
apollo13 | ok, so how's eshu :) | 14:09 |
zed | ahem... how do I say that, I rebooted eshu in "rescue" mode | 14:10 |
zed | and it seems like it has been rooter | 14:10 |
zed | rooted | 14:10 |
apollo13 | yikes | 14:10 |
zed | yup | 14:10 |
apollo13 | we should apply updates from time to time hm? | 14:11 |
zed | don't know how it got in (pop3 user apparently, but I don't know why there was a pop3 :p) | 14:11 |
zed | and then eshu : old kernel | 14:11 |
zed | root exploit | 14:11 |
apollo13 | damn | 14:11 |
apollo13 | okay, what do we do now | 14:12 |
zed | i'll get all the data I can | 14:12 |
zed | (mailman, exim config etc...) | 14:12 |
zed | and reinstall the machine | 14:12 |
apollo13 | don't we have backups anyways | 14:12 |
apollo13 | btw should we check the nfs | 14:12 |
apollo13 | and wasn't backupman on eshu | 14:12 |
apollo13 | backupppc | 14:13 |
apollo13 | if yes that means ssh keys for every other machine | 14:13 |
zed | yup | 14:13 |
zed | we should check auth.log for remote logging from eshu since 13th | 14:13 |
zed | (with that particular key) | 14:13 |
zed | if none then we're lucky | 14:14 |
apollo13 | ok starting that in 2 minutes | 14:14 |
zed | ok me too | 14:14 |
apollo13 | zed: you don't happen to have a jabber id? | 14:14 |
apollo13 | zed: 13th since when? | 14:18 |
apollo13 | cause asa logins till 13. 01:02 backuppc | 14:19 |
apollo13 | I am installing rkhunter and chkrootkit on all machines :þ | 14:21 |
zed | apollo13: that might be the last time it was backupe | 14:26 |
zed | d | 14:26 |
apollo13 | yup | 14:26 |
apollo13 | btw why does lastlog show jan for lastlogin | 14:26 |
apollo13 | auth.log (last): | 14:27 |
apollo13 | Dec 13 01:02:56 asa sshd[12967]: pam_unix(sshd:session): session opened for user backuppc by (uid=0) | 14:27 |
apollo13 | lastlog: | 14:27 |
apollo13 | backuppc pts/2 eshu.ubuntu-eu.o Fri Jan 2 01:40:16 +0100 2009 | 14:27 |
zed | that's funny | 14:29 |
apollo13 | aside from being funny, got an explanation? | 14:30 |
zed | ntpq -p ? | 14:31 |
apollo13 | eshu.ubuntu-eu. .INIT. 16 u - 1024 0 0.000 0.000 0.000 | 14:32 |
apollo13 | if you mean that | 14:32 |
apollo13 | PID 5734(/proc/5734): not in readdir output | 14:41 |
apollo13 | PID 5734: not in ps output | 14:41 |
apollo13 | CWD 5734: /var/spool/nullmailer/queue | 14:41 |
apollo13 | on dongo | 14:41 |
apollo13 | nothing to worry about though I guess | 14:41 |
apollo13 | zed: http://paste.pocoo.org/show/kaqvNz3rxUezh8RpwYay/ can you look over that? | 14:53 |
apollo13 | oh and on lisa ntop is running :( | 14:54 |
zed | ok, if it's just rsync server that's fine | 14:55 |
zed | it's the command backuppc should execute | 14:55 |
apollo13 | yup, at least I couldn't find any other commands around that | 14:56 |
apollo13 | but might have overlooked something | 14:56 |
zed | for gu that's ok | 14:56 |
zed | (the packet sniffer is a false alert) | 14:56 |
Agafonov | zed: we (ubuntu.ru) need to change something in DNS records but eshu is out of order and I cannot use nsset. Is there another way? | 19:50 |