|
Server : Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 System : Linux server.jackjohnson.com 2.6.32-279.5.2.el6.x86_64 #1 SMP Fri Aug 24 01:07:11 UTC 2012 x86_64 User : jackjohn ( 502) PHP Version : 5.3.17 Disable Function : NONE Directory : /home/jackjohn/mail/.jackjohnson@jackjohnson_com/cur/ |
Upload File : |
Return-Path: <root@jackjohnson.nethosting.com> Received: from jackjohnson.nethosting.com (localhost [127.0.0.1]) by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6) with ESMTP id l4A964mu096423 for <root@jackjohnson.nethosting.com>; Thu, 10 May 2007 03:06:04 -0600 (MDT) Received: (from root@localhost) by jackjohnson.nethosting.com (8.13.6.20060614/8.13.6/Submit) id l4A964TI096390 for root; Thu, 10 May 2007 03:06:04 -0600 (MDT) Date: Thu, 10 May 2007 03:06:04 -0600 (MDT) From: Charlie Root <root@jackjohnson.nethosting.com> Message-Id: <200705100906.l4A964TI096390@jackjohnson.nethosting.com> To: root@jackjohnson.nethosting.com Subject: jackjohnson.nethosting.com security run output Checking setuid files and devices: jackjohnson.nethosting.com setuid diffs: --- /var/log/setuid.today Sat May 5 03:06:09 2007 +++ /tmp/security.P6yUsHmM Thu May 10 03:06:04 2007 @@ -1,10 +1,10 @@ 124664331 -r-sr-xr-x 1 man wheel 33152 Mar 12 11:24:42 2007 /backup/usr/local/bin/jman 124664368 -rwxr-sr-x 1 root mail 12784 Nov 17 18:17:16 2005 /backup/usr/local/bin/lockfile -124664413 -rwxr-sr-x 1 root mail 7668 Jan 3 09:10:32 2007 /backup/usr/local/bin/muttng_dotlock +124664384 -rwxr-sr-x 1 root mail 7668 Apr 16 09:32:01 2007 /backup/usr/local/bin/muttng_dotlock 124664700 -rwsr-sr-x 1 root mail 74140 Nov 17 18:17:16 2005 /backup/usr/local/bin/procmail 124664757 -rws--x--x 1 root wheel 949226 Nov 14 15:32:22 2005 /backup/usr/local/bin/sperl5.8.7 -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /backup/usr/local/bin/sudo -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /backup/usr/local/bin/sudoedit +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /backup/usr/local/bin/sudo +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /backup/usr/local/bin/sudoedit 124956217 -rwx--s--x 1 root mail 12499 Nov 18 10:34:50 2005 /backup/usr/local/libexec/mlock 124242811 -r-sr-xr-x 1 root wheel 18332 Nov 3 01:10:07 2005 /bin/rcp 124373523 -r-sr-xr-x 1 root wheel 22528 Nov 18 08:57:07 2005 /sbin/ping @@ -50,11 +50,11 @@ 124641831 -rwsr-xr-x 1 root wheel 19380 Feb 28 13:55:07 2007 /skel/usr/local/apache2/bin/suexec 124664331 -r-sr-xr-x 1 man wheel 33152 Mar 12 11:24:42 2007 /skel/usr/local/bin/jman 124664368 -rwxr-sr-x 1 root mail 12784 Nov 17 18:17:16 2005 /skel/usr/local/bin/lockfile -124664413 -rwxr-sr-x 1 root mail 7668 Jan 3 09:10:32 2007 /skel/usr/local/bin/muttng_dotlock +124664384 -rwxr-sr-x 1 root mail 7668 Apr 16 09:32:01 2007 /skel/usr/local/bin/muttng_dotlock 124664700 -rwsr-sr-x 1 root mail 74140 Nov 17 18:17:16 2005 /skel/usr/local/bin/procmail 124664757 -rws--x--x 1 root wheel 949226 Nov 14 15:32:22 2005 /skel/usr/local/bin/sperl5.8.7 -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /skel/usr/local/bin/sudo -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /skel/usr/local/bin/sudoedit +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /skel/usr/local/bin/sudo +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /skel/usr/local/bin/sudoedit 124698111 -rwsr-xr-x 1 root bin 11451 Jun 27 14:18:28 2003 /skel/usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe 124956217 -rwx--s--x 1 root mail 12499 Nov 18 10:34:50 2005 /skel/usr/local/libexec/mlock 125023576 -r-s--x--x 1 root wheel 15431 Mar 14 23:52:22 2007 /skel/usr/local/sbin/sinfo @@ -99,11 +99,11 @@ 124641831 -rwsr-xr-x 1 root wheel 19380 Feb 28 13:55:07 2007 /usr/local/apache2/bin/suexec 124664331 -r-sr-xr-x 1 man wheel 33152 Mar 12 11:24:42 2007 /usr/local/bin/jman 124664368 -rwxr-sr-x 1 root mail 12784 Nov 17 18:17:16 2005 /usr/local/bin/lockfile -124664413 -rwxr-sr-x 1 root mail 7668 Jan 3 09:10:32 2007 /usr/local/bin/muttng_dotlock +124664384 -rwxr-sr-x 1 root mail 7668 Apr 16 09:32:01 2007 /usr/local/bin/muttng_dotlock 124664700 -rwsr-sr-x 1 root mail 74140 Nov 17 18:17:16 2005 /usr/local/bin/procmail 124664757 -rws--x--x 1 root wheel 949226 Nov 14 15:32:22 2005 /usr/local/bin/sperl5.8.7 -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /usr/local/bin/sudo -124664766 ---s--x--x 2 root wheel 93244 Feb 15 16:20:17 2006 /usr/local/bin/sudoedit +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /usr/local/bin/sudo +124664762 ---s--x--x 2 root wheel 95216 Apr 16 08:55:06 2007 /usr/local/bin/sudoedit 124698111 -rwsr-xr-x 1 root bin 11451 Jun 27 14:18:28 2003 /usr/local/frontpage/version5.0/apache-fp/_vti_bin/fpexe 124956217 -rwx--s--x 1 root mail 12499 Nov 18 10:34:50 2005 /usr/local/libexec/mlock 125023576 -r-s--x--x 1 root wheel 15431 Mar 14 23:52:22 2007 /usr/local/sbin/sinfo jackjohnson.nethosting.com changes in mounted filesystems: --- /var/log/mount.today Sat May 5 03:06:09 2007 +++ /tmp/security.O3tbL631 Thu May 10 03:06:04 2007 @@ -1,6 +1,6 @@ /dev/aacd0s1e / ufs rw 0 0 -/dev/aacd0s1e /skel ufs ro 2 2 +/dev/aacd0s1e /skel ufs ro 0 0 devfs /dev devfs rw 0 0 procfs /proc procfs rw 0 0 -/dev/aacd0s1d /ports ufs ro 0 0 +/dev/aacd0s1d /ports ufs ro 2 2 /dev/aacd1s1e /backup ufs ro 0 0 Checking for uids of 0: root 0 toor 0 Checking for passwordless accounts: jackjohnson.nethosting.com login failures: May 9 02:14:48 jackjohnson sshd[71492]: Failed password for nobody from 222.90.234.68 port 55697 ssh2 May 9 02:14:50 jackjohnson sshd[71499]: Failed password for invalid user patrick from 222.90.234.68 port 55794 ssh2 May 9 02:14:52 jackjohnson sshd[71507]: Failed password for invalid user patrick from 222.90.234.68 port 55882 ssh2 May 9 02:14:55 jackjohnson sshd[71517]: Failed password for root from 222.90.234.68 port 55968 ssh2 May 9 02:14:57 jackjohnson sshd[71525]: Failed password for root from 222.90.234.68 port 56049 ssh2 jackjohnson.nethosting.com refused connections: -- End of security output --