[1488] in RedHat Linux List
Re: intrusion?!
daemon@ATHENA.MIT.EDU (Wierdl Mate)
Mon Oct 28 17:56:57 1996
To: redhat-list@redhat.com
In-reply-to: Your message of "Mon, 28 Oct 1996 13:22:09 EST."
<199610281822.NAA32055@marvin.redhat.com>
Date: Mon, 28 Oct 1996 17:01:15 -0600
From: Wierdl Mate <matyi@wierdlmpc.msci.memphis.edu>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
> > I just got this mail:
> >
> > From: root@moni.msci.memphis.edu (Cron Daemon)
> > To: root@moni.msci.memphis.edu
> > Subject: Cron <root@moni> /usr/sbin/tmpwatch 240 /tmp /var/tmp
> > X-Cron-Env: <SHELL=/bin/bash>
> > X-Cron-Env: <PATH=/sbin:/bin:/usr/sbin:/usr/bin>
> > X-Cron-Env: <MAILTO=root>
> > X-Cron-Env: <HOME=/root>
> > X-Cron-Env: <LOGNAME=root>
> >
> > error: error: inode information changed for No such file or directory!!!this indicates a possible intrusion attempt
> >
> > Is it possible that this is just caused by moving /tmp to a different
> > disk and now I have the link
> >
> > tmp -> /disk02/tmp/
>
> Hey! I got a mail like that too! The difference is that I don't check
> root's mail *that* often, so it was a couple days later. I didn't put
> two and two together, but I did the same thing you did. I'll bet that's
> what it was.
>
>
> --Donnie
So now I am going to get this message everyday?! Plus I am not sure if
the tmp directories are cleaned anymore because of this..
Mate
M\'at\'e Wierdl
Department of Mathematical Sciences
University of Memphis,
E-mail: matyi@moni.msci.memphis.edu
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
