Re: Something strange in my logs!!!

From: Zed Qyves (zqyves.spamtrap@gmail.com)
Date: Mon Jul 23 2007 - 02:59:11 EDT


Hello Nicola,
what's your history file telling you? Do you recognise all thecommands in there as being yours? any deleted files of interest in thesystem? Also try checking network (IDS/FW) logs to and from thatserver for the specified period.
This is mostly suitable for the "Forensics" list. Try dropping a linethere as well.
Regards,ZQ
On 7/20/07, nicola mondinelli <nicola.mondinelli@gmail.com> wrote:
> situation:
> DMZ Linux mail server with qmail. Only this service is accessible from
> the net through a DNAT rule on the firewall.
>
> Yesterday I controlled the logs:
> all main logs (messages wtmp btmp syslog secure etc...) look VERY
> strange: from 3 July to 18 July absolutely no record... after and before
> they are normal. Even those rotated with logrotate are similar.
>
> The mail logs, saved in a non-standard directory, are all OK even in the
> period described before.
>
> Executing "w" I have that the server is up from 6 days. When I logged in
> through ssh (from the intranet, ssh is not accessible from outside, only
> 25/tcp port is open) I read that my last login was at 3 July (and it
> could mainly be correct).
>
> I've downloaded chkrootkit and it says that there is nothing
> strange (but we know how much trust we can give to this program).
>
> But where have all the logs of those 15 days gone?
> The system was surely up and running, because the mail server worked out
> the mail normally (the mail logs are intact and demonstrate normal
> work during that period). From the gateway I've looked for strange
> connections, but none were found.
>
> Using the "last" command I can only see my login, no information about
> reboot, boot or system failure. Obviously before 3 July all is correct.
>
> Any ideas?
> What can I do to discover something more?
>
> Thanks...
>
> Nicola

--
---------------------------------------------------------------------
Κρέων
ἐν τῇδ᾽ ἔφασκε γῇ· τὸ δὲ ζητούμενον
ἁλωτόν, ἐκφεύγειν δὲ τἀμελούμενον.
Οιδίπους Τύρρανος [110]
---------------------------------------------------------------------
Creon
In this our land, so said he, those who seek
Shall find; unsought, we lose it utterly.
Oedipus Rex [110]
---------------------------------------------------------------------
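The thread turns on a fifteen-day hole in messages/syslog/wtmp while the mail logs kept flowing. As an added example, not code from the thread or from any of its participants, the following Python script does the two checks Nicola describes doing by eye: it scans syslog-format lines for a timestamp gap above a threshold, then counts entries from a second log (the mail log) that fall inside that window, so a gap that is local to one log can be told apart from a host that was really down. The log lines are constructed for the example; the hostname, program names and the year 2007 are assumptions, since syslog timestamps carry no year.

```python
"""Detect silent windows in a syslog-format file and cross-check them
against a second log. Added example; the sample lines below are constructed."""
import re
from datetime import datetime, timedelta

# Classic syslog line: "Mon  D HH:MM:SS host program[pid]: message".
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$'
)

# Constructed sample: /var/log/messages with nothing between 3 and 18 July.
SAMPLE_MESSAGES = """\
Jul  2 23:59:58 mailsrv sshd[1221]: Accepted publickey for nicola from 10.0.0.5 port 50122 ssh2
Jul  3 00:10:07 mailsrv cron[1302]: (root) CMD (run-parts /etc/cron.hourly)
Jul 18 08:02:41 mailsrv cron[4410]: (root) CMD (run-parts /etc/cron.hourly)
Jul 18 09:00:01 mailsrv cron[4419]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Constructed sample: the separately stored mail log, which kept recording.
SAMPLE_MAILLOG = """\
Jul  3 00:12:30 mailsrv qmail: delivery 812: success
Jul  9 14:21:05 mailsrv qmail: delivery 1044: success
Jul 12 03:05:44 mailsrv qmail: delivery 1310: success
Jul 17 22:48:19 mailsrv qmail: delivery 1702: success
Jul 18 08:30:00 mailsrv qmail: delivery 1755: success
"""


def parse_timestamp(line, year):
    """Return the line's timestamp as a datetime, or None if it is not a syslog line.
    The year is supplied by the caller because syslog omits it."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    stamp = ' '.join(m.group('ts').split())  # collapse the padding in "Jul  3"
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def find_gaps(lines, year, max_gap=timedelta(hours=6)):
    """Return (start, end, length) for each pair of consecutive parsable lines
    whose timestamps are more than max_gap apart. Lines are assumed to be in
    file order; a timestamp that goes backwards (negative delta) is not a gap
    here but is itself worth a look, since it suggests a spliced or edited file."""
    gaps = []
    prev = None
    for line in lines:
        ts = parse_timestamp(line, year)
        if ts is None:
            continue
        if prev is not None and ts - prev > max_gap:
            gaps.append((prev, ts, ts - prev))
        prev = ts
    return gaps


def entries_within(lines, year, start, end):
    """Count parsable lines of another log that fall strictly inside [start, end].
    A non-zero count means the host was alive and logging elsewhere during the
    silence, i.e. the gap is specific to the examined file."""
    count = 0
    for line in lines:
        ts = parse_timestamp(line, year)
        if ts is not None and start < ts < end:
            count += 1
    return count


def report(messages, maillog, year):
    """Summarise every gap in `messages` together with the mail-log activity
    observed inside it. Returns a list of strings, one per gap."""
    out = []
    for start, end, length in find_gaps(messages, year):
        inside = entries_within(maillog, year, start, end)
        verdict = "other logs active: gap is local to this file" if inside else "no activity elsewhere either"
        out.append(f"{start} -> {end} ({length}); mail-log entries inside: {inside}; {verdict}")
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_MESSAGES.splitlines(), SAMPLE_MAILLOG.splitlines(), 2007):
        print(line)
```

The default threshold of six hours is deliberately low for a server that runs hourly cron jobs; tune it to the noisiest regular logger on the host so that an ordinary quiet night is not reported. Because syslog has no year, a file that spans December to January needs the year adjusted at the rollover before the timestamps are compared.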



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:57 EDT