security-audit-help_at_ferret.lmh.ox.ac.uk
Date: Sat Aug 03 2002 - 01:45:39 CDT

    Hi! This is the ezmlm program. I'm managing the
    security-auditferret.lmh.ox.ac.uk mailing list.

    Messages to you from the security-audit mailing list seem to
    have been bouncing. I've attached a copy of the first bounce
    message I received.

    If this message bounces too, I will send you a probe. If the probe bounces,
    I will remove your address from the security-audit mailing list,
    without further notice.

    I've kept a list of which messages from the security-audit mailing list have
    bounced from your address.

    Copies of these messages may be in the archive.
    To retrieve a set of messages 123-145 (a maximum of 100 per request),
    send an empty message to:
       <security-audit-get.123_145ferret.lmh.ox.ac.uk>

    To receive a subject and author list for the last 100 or so messages,
    send an empty message to:
       <security-audit-indexferret.lmh.ox.ac.uk>

    Here are the message numbers:

       2016
       2017

    --- Enclosed is a copy of the bounce message I received.

    Return-Path: <>
    Received: (qmail 18925 invoked from network); 22 Jul 2002 08:14:56 -0000

      by ferret.lmh.ox.ac.uk with SMTP; 22 Jul 2002 08:14:56 -0000

            id DE6FE180D9; Mon, 22 Jul 2002 03:19:39 -0500 (CDT)
    Date: Mon, 22 Jul 2002 03:19:39 -0500 (CDT)

    Subject: Undelivered Mail Returned to Sender

    MIME-Version: 1.0
    Content-Type: multipart/report; report-type=delivery-status;


    This is a MIME-encapsulated message.

    Content-Description: Notification
    Content-Type: text/plain

    I'm sorry to have to inform you that the message returned
    below could not be delivered to one or more destinations.

    For further assistance, please send mail to <postmaster>

    If you do so, please include this problem report. You can
    delete your own text from the message returned below.

                            The Postfix program

        /home/httpd/archives-mbox/current.mbox: error writing message: File too
        large

    Content-Description: Delivery error report
    Content-Type: message/delivery-status

    Arrival-Date: Mon, 22 Jul 2002 03:19:39 -0500 (CDT)

    Action: failed
    Status: 5.0.0
    Diagnostic-Code: X-Postfix; cannot append message to destination file
        /home/httpd/archives-mbox/current.mbox: error writing message: File too
        large

    Content-Description: Undelivered Message
    Content-Type: message/rfc822

    Received: from ferret.lmh.ox.ac.uk (ferret.lmh.ox.ac.uk [163.1.18.131])


    Received: (qmail 17308 invoked by uid 529); 22 Jul 2002 08:12:48 -0000
    Mailing-List: contact security-audit-helpferret.lmh.ox.ac.uk; run by ezmlm
    Precedence: bulk
    list-help: <mailto:security-audit-helpferret.lmh.ox.ac.uk>
    list-unsubscribe: <mailto:security-audit-unsubscribeferret.lmh.ox.ac.uk>
    list-post: <mailto:security-auditferret.lmh.ox.ac.uk>
    Delivered-To: mailing list security-auditferret.lmh.ox.ac.uk
    Delivered-To: moderator for security-auditferret.lmh.ox.ac.uk
    Received: (qmail 25017 invoked from network); 21 Jul 2002 23:57:07 -0000
    Date: 21 Jul 2002 23:58:06 -0000
    Message-ID: <20020721235806.29411.qmailmail.securityfocus.com>
    Content-Type: text/plain
    Content-Disposition: inline
    Content-Transfer-Encoding: binary
    MIME-Version: 1.0
    X-Mailer: MIME-tools 5.411 (Entity 5.404)
    From: Dan <silver83gte.net>
    To: security-auditferret.lmh.ox.ac.uk
    Subject: Mandrake 8.2 MSEC

    Hello guys i'm confused here if anyone could clarify this for me that would
    be great!
    [rootpulserate silveradmin]# msec 1
    msec: unable to parse chage output

    Does anyone know what this means? why does it do this it just started
    this .. i have this on now two systems at work Is it possible that they
    got exploited some how? i keep up on updates any ideas?

    okay i currently administer 2 systems that have mandrake 8.2(work) and 1
    8.1 at my house here
    WELL, the two systems i BELIEVE but NOT sure that they are/were compromised
    I know for a fact that the system at home ISN'T Well something weird went
    first. The msec was working fine till one day some guy msged my boss
    online on IRC w/ one of our hostnames either he somehow spoofed it and got
    on w/ a Ident which isnt changeable in Mandrake for the usernames i didnt
    see anything but then ever since that the system didnt work correctly ..
    well the MSEC didnt got the error up above even if i just run 'msec'
    should just run it but it doesnt gives me that info like what changed and
    all the other goodies.. Now just recently another one of our boxes started
    to do it which hosts our websites.. now im really worried that something
    got compromised somehow someway i dont know which if anyone has any ideas
    please tell me btw i've been running the mandrake systems 8.2 for the past
    6 months and mine at home for the past 3 yrs and havent had that problem..
    so im not sure what to think as of right now hopefully someone has some
    pointers Thanks ahead of time!