[46031] in Hotline Meeting


m3-133-1

daemon@ATHENA.MIT.EDU (Kev)
Tue Dec 1 17:45:17 1998

To: hotline@MIT.EDU
Date: Tue, 01 Dec 1998 17:45:16 EST
From: Kev <klmitch@MIT.EDU>

This is a classroom workstation, an O2; the following messages appeared
in the console:

17:33 This system is in the middle of an update.
17:33 Please contact Athena Operations.
17:33 This system is in the middle of an update.
17:33 Please contact Athena Operations.
17:33 This system is in the middle of an update.  Please contact
17:33 Athena Hotline at x3-1410. Thank you. -Athena Operations
17:33 Athena Workstation (sgi) Version Update Tue Oct 20 07:31:27 EDT 1998

The last few lines of /etc/athena/version:

[m3-133-2]-[~]-> tail /etc/athena/version 
Athena Workstation (sgi) Version 8.1.17 Fri Sep  4 18:27:51 EDT 1998
Athena Workstation (sgi) Version Update Tue Sep  8 21:43:25 EDT 1998
Athena Workstation (sgi) Version 8.2.9 Tue Sep  8 22:02:34 EDT 1998
Athena Workstation (sgi) Version Update Tue Sep 22 11:13:38 EDT 1998
Athena Workstation (sgi) Version 8.2.10 Tue Sep 22 11:14:00 EDT 1998
Athena Workstation (sgi) Version Update Tue Oct 20 07:31:27 EDT 1998

I was able to successfully log in as myself, and discovered the following
very interesting stuff:

[m3-133-2]-[/]-> ls
CDROM        dev          lib64        os           stand
Mail         etc          mit          proc         tmp
afs          install      nsmail       public_html  unix
bin          lib          num5.avi     sbin         usr
debug        lib32        opt          srvd         var
[m3-133-2]-[/]-> ls -ld nsmail/
drwx------    2 root     sys            9 Sep 30 02:05 nsmail/
[m3-133-2]-[/]-> ls -ld public_html/
lrwxr-xr-x    1 root     sys           15 Sep  4 17:46 public_html/ -> /var/www/htdocs
[m3-133-2]-[/]-> ls -ld /var/www/
drwxr-xr-x    4 root     sys           40 Sep  4 17:40 /var/www/
[m3-133-2]-[/]-> ls -l /var/www/
total 16
drwxr-xr-x    4 root     sys         4096 Sep  8 21:51 cgi-bin
drwxrwxrwx   11 root     sys         4096 Nov 26 20:18 htdocs

Looks to me like someone tried to run a web server here, but there's
nothing in the process table and PUBLIC=true in /etc/athena/rc.conf;
/var/www/htdocs contains a number of symlinks to individual athena
users' home directories, plus some other random symlinks; those pointing
to athena homedirs are owned by them.  /var/www/cgi-bin contains a
number of CGI scripts; this seems to be part of the OS distribution, as
the first one I checked has "Copyright (c) 1993 Silicon Graphics, Inc."
written across the top of it.

This is as deep as I've gone into investigating what's going on with the
machine; I made no changes on the off chance that this is the way things
are _supposed_ to be, despite how bizarre they looked ;)

Enjoy!
-- 
Kevin L. Mitchell <klmitch@mit.edu>
-------------------------  -. .---- --.. ..- -..-  --------------------------
http://web.mit.edu/klmitch/www/              (PGP5 keys available from here)
   DSS Key ID ED0DB34E: D9BF 0E74 FDCB 43F5 C597  878F 9455 EC24 ED0D B34E
   DH  Key ID 2A2C31D4: 1A77 4BA5 9E32 14AE 87DA  9FEC 7106 FC62 2A2C 31D4

