[1444] in RedHat Linux List

Re: intrusion?!

daemon@ATHENA.MIT.EDU (Donnie Barnes)
Mon Oct 28 13:59:34 1996

To: redhat-list@redhat.com
In-reply-to: Your message of "Mon, 28 Oct 1996 12:52:14 CST."
             <199610281805.NAA11154@redhat.com> 
Date: Mon, 28 Oct 1996 13:22:09 -0500
From: Donnie Barnes <djb@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

> I just got this mail:
> 
> From: root@moni.msci.memphis.edu (Cron Daemon)
> To: root@moni.msci.memphis.edu
> Subject: Cron <root@moni> /usr/sbin/tmpwatch 240 /tmp /var/tmp
> X-Cron-Env: <SHELL=/bin/bash>
> X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
> X-Cron-Env: <MAILTO=root>
> X-Cron-Env: <HOME=/root>
> X-Cron-Env: <LOGNAME=root>
> 
> error: error: inode information changed for No such file or directory!!!this indicates a possible intrusion attempt
> 
> Is it possible that this is just caused by moving /tmp to a different
> disk and now I have the link
> 
> tmp -> /disk02/tmp/

Hey!  I got a mail like that too!  The difference is that I don't check
root's mail *that* often, so it was a couple days later.  I didn't put
two and two together, but I did the same thing you did.  I'll bet that's
what it was.


--Donnie


--
  Donnie Barnes        http://www.redhat.com/~djb     "Bah."
    djb@redhat.com       http://www.turner.com/lazarusman/   
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
_Things You'd NEVER Expect A Southerner To Say_ by Vic Henley:     
**  Yes, I realize that I'm suppressing my inner child.
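
Added example (not part of the original message and not tmpwatch's source): a sketch of how a symlinked /tmp can trip an "inode information changed" check. It assumes the tool records lstat() of the path and compares it with the directory it lands in after chdir(). The helper names and the directory layout are constructed for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if the directory entered by chdir(path) is the
 * inode that lstat(path) reported beforehand, 0 if it differs (the
 * "inode information changed" case), -1 on error. */
int same_inode_after_chdir(const char *path)
{
    struct stat before, after;
    int result = -1;
    int saved = open(".", O_RDONLY);       /* so the cwd can be restored */
    if (saved < 0) return -1;
    if (lstat(path, &before) == 0 &&       /* does NOT follow a symlink */
        chdir(path) == 0 &&                /* DOES follow a symlink */
        stat(".", &after) == 0)
        result = before.st_dev == after.st_dev &&
                 before.st_ino == after.st_ino;
    if (fchdir(saved) != 0) result = -1;
    close(saved);
    return result;
}

/* Constructed layout mirroring the thread: <base>/disk02_tmp is a real
 * directory and <base>/tmp is a symlink to it. Checks one of the two. */
int demo(int via_symlink)
{
    char base[] = "/tmp/inodedemoXXXXXX";
    char real[64], lnk[64];
    if (!mkdtemp(base)) return -1;
    snprintf(real, sizeof real, "%s/disk02_tmp", base);
    snprintf(lnk, sizeof lnk, "%s/tmp", base);
    if (mkdir(real, 0700) != 0 || symlink("disk02_tmp", lnk) != 0) return -1;
    int r = same_inode_after_chdir(via_symlink ? lnk : real);
    unlink(lnk); rmdir(real); rmdir(base);
    return r;
}

int main(void)
{
    printf("real directory matches: %d\n", demo(0));
    printf("symlink matches:        %d\n", demo(1));
    return 0;
}
```

A check of this shape cannot tell an administrator's own symlink from one swapped in between the two calls, so pointing the cleanup job at the real directory avoids the false alarm without weakening the check.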
