[09:57] <EnTeQuAk-Work> zed: ping
[09:58] <EnTeQuAk-Work> oops, sorry. Did not read backlog, apollo just told me ;)
[14:04] <zed> 2/clear
[14:04] <zed> missed
[14:09] <apollo13> zed: should I understand that?
[14:09] <zed> apollo13: no :)
[14:09] <apollo13> ok, so how's eshu :)
[14:10] <zed> ahem... how do I say that, I rebooted eshu in "rescue" mode
[14:10] <zed> and it seems like it has been rooter
[14:10] <zed> rooted
[14:10] <apollo13> yikes
[14:10] <zed> yup
[14:11] <apollo13> we should apply updates from time to time hm?
[14:11] <zed> don't know how it got in (pop3 user apparently, but I don't know why there was a pop3 :p)
[14:11] <zed> and then eshu : old kernel
[14:11] <zed> root exploit
[14:11] <apollo13> damn
[14:12] <apollo13> okay, what do we do now
[14:12] <zed> i'll get all the data I can
[14:12] <zed> (mailman, exim config etc...)
[14:12] <zed> and reinstall the machine
[14:12] <apollo13> don't we have backups anyways
[14:12] <apollo13> btw should we check the nfs
[14:12] <apollo13> and wasn't backupman on eshu
[14:13] <apollo13> backuppc
[14:13] <apollo13> if yes that means ssh keys for every other machine
[14:13] <zed> yup
[14:13] <zed> we should check auth.log for remote logging from eshu since 13th
[14:13] <zed> (with that particular key)
[14:14] <zed> if none then we're lucky
[14:14] <apollo13> ok starting that in 2 minutes
[14:14] <zed> ok me too
[14:14] <apollo13> zed: you don't happen to have a jabber id?
[14:18] <apollo13> zed: 13th since when?
[14:19] <apollo13> cause asa logins till 13. 01:02 backuppc
[14:21] <apollo13> I am installing rkhunter and chkrootkit on all machines :þ
[14:26] <zed> apollo13: that might be the last time it was backupe
[14:26] <zed> d
[14:26] <apollo13> yup
[14:26] <apollo13> btw why does lastlog show jan for lastlogin
[14:27] <apollo13> auth.log (last):
[14:27] <apollo13> Dec 13 01:02:56 asa sshd[12967]: pam_unix(sshd:session): session opened for user backuppc by (uid=0)
[14:27] <apollo13> lastlog:
[14:27] <apollo13> backuppc         pts/2    eshu.ubuntu-eu.o Fri Jan  2 01:40:16 +0100 2009
[14:29] <zed> that's funny
[14:30] <apollo13> aside from being funny, got an explanation?
[14:31] <zed> ntpq -p ?
[14:32] <apollo13>  eshu.ubuntu-eu. .INIT.          16 u    - 1024    0    0.000    0.000   0.000
[14:32] <apollo13> if you mean that
[14:41] <apollo13> PID  5734(/proc/5734): not in readdir output
[14:41] <apollo13> PID  5734: not in ps output
[14:41] <apollo13> CWD  5734: /var/spool/nullmailer/queue
[14:41] <apollo13> on dongo
[14:41] <apollo13> nothing to worry about though I guess
[14:53] <apollo13> zed: http://paste.pocoo.org/show/kaqvNz3rxUezh8RpwYay/ can you look over that?
[14:54] <apollo13> oh and on lisa ntop is running :(
[14:55] <zed> ok, if it's just rsync server that's fine
[14:55] <zed> it's the command backuppc should execute
[14:56] <apollo13> yup, at least I couldn't find any other commands around that
[14:56] <apollo13> but might have overlooked something
[14:56] <zed> for gu that's ok
[14:56] <zed> (the packet sniffer is a false alert)
[19:50] <Agafonov> zed: we (ubuntu.ru) need to change something in DNS records but eshu is out of order and I cannot use nsset. Is there another way?