Subject: Re: I've been hit with ksyslogd
From: Marco Presi (mpresiFUB.IT)
Date: Thu Oct 12 2000 - 13:58:46 CDT


On Thu, 12 Oct 2000, Jan Muenther wrote:

> It's the kernel syslog daemon. I would consider disabling it a
> pretty bad idea.
> --
> Radio HUNDERT,6 Medien GmbH Berlin
> - EDV -
> j.muentherradio.hundert6.de
>

Well, I'm not sure it's the kernel daemon.
The file /usr/sbin/ksyslogd is not owned by any package of my RH6.2, and
no other PC on which I have RH6.2 contains that file.
Moreover, the inittab and ksyslogd have the same modify and creation
time: 27th of September at 23:00, when I'm not in the lab...
I have the hacker access logged at the same time...

Maybe he has named his daemon like the logger.

On all my PCs I run RH6.2, but none of them contains the line:

ld:2345:respawn:/usr/sbin/ksyslogd

The kernel daemon on my machines is named klogd.

--

Ciao Ciao

Marco

-------------------------------------------------------------------------------
Don't miss it! http://www.linuxmeeting.org
....where all the penguins go!!
Rome, November 10th-11th, 2000
-------------------------------------------------------------------------------
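
The check described in the message above (an inittab entry that starts a binary no package owns), as an added example that is not part of the original post. The names `audit_inittab`, `pkg_owns` and `demo`, and the sample file, are constructed for illustration; `rpm -qf` is assumed as the ownership query.

```shell
#!/bin/sh
# Added example: list inittab entries whose program no package owns.
# inittab line format: id:runlevels:action:process

# Default ownership check (assumes an RPM-based host such as Red Hat 6.2).
pkg_owns() { rpm -qf "$1" >/dev/null 2>&1; }

# audit_inittab FILE [CHECK]
# Prints "id<TAB>action<TAB>program" for each entry whose program is an
# absolute path that CHECK (default: pkg_owns) reports as unowned.
audit_inittab() {
    file=$1
    check=${2:-pkg_owns}
    while IFS=: read -r id levels action process; do
        case $id in ''|'#'*) continue ;; esac    # blank line or comment
        prog=${process%% *}                       # first word of the command
        prog=${prog#+}                            # '+' prefix: no utmp/wtmp accounting
        case $prog in /*) ;; *) continue ;; esac  # empty or not an absolute path
        "$check" "$prog" </dev/null || printf '%s\t%s\t%s\n' "$id" "$action" "$prog"
    done < "$file"
    return 0
}

# Constructed sample: stock-looking entries plus the line quoted in the post.
demo() {
    sample=$(mktemp) || return 1
    cat > "$sample" <<'EOF'
# constructed inittab excerpt
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
1:2345:respawn:/sbin/mingetty tty1
ld:2345:respawn:/usr/sbin/ksyslogd
EOF
    # Stub standing in for the package database so the demo runs anywhere.
    demo_owns() {
        case $1 in /etc/rc.d/rc.sysinit|/sbin/mingetty) return 0 ;; esac
        return 1
    }
    audit_inittab "$sample" demo_owns
    rm -f "$sample"
}

demo
```

On a host already suspected of compromise, run the audit from trusted media against the mounted filesystem, since the local rpm binary and package database may have been altered.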