Linux backdoors and logging tools

ID MYHACK58:62200714782
Type myhack58
Reporter Anonymous
Modified 2007-03-30T00:00:00


After you finish editing, save the file; the tcplog file will then be generated in /var/log. Note the read/write permissions on this file: only root should have read and write access. Then run ps -ef | grep syslogd to find the syslogd process ID, and send it kill -HUP to restart the syslogd process so that the changes take effect. Here we can take an advance look at the content of the tcplog file that will be generated later, as follows:

tcpd stop to log certain connection.
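The permission check and syslogd reload described above, as an added shell example that is not part of the original article. The function names log_perms_ok and reload_syslogd are hypothetical; the script assumes GNU stat and the /var/log/tcplog path from the text.

```shell
#!/bin/sh
# Added example: audit the tcpd log file, then tell syslogd to re-read its config.

# log_perms_ok FILE [OWNER]
# Returns 0 only if FILE is a regular file owned by OWNER (default: root)
# and carries no group/other permission bits. Returns 1 on a bad owner or
# mode, 2 if the file is missing.
log_perms_ok() {
    file=$1
    owner=${2:-root}
    if [ ! -f "$file" ]; then
        echo "missing: $file" >&2
        return 2
    fi
    actual_owner=$(stat -c '%U' "$file")   # owner name
    mode=$(stat -c '%a' "$file")           # octal mode, e.g. 600
    if [ "$actual_owner" != "$owner" ]; then
        echo "$file: owned by $actual_owner, expected $owner" >&2
        return 1
    fi
    # Mask the group and other bits (octal 077); any bit set means
    # someone besides the owner can read, write or execute the log.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "$file: mode $mode is readable or writable by non-owner" >&2
        return 1
    fi
    return 0
}

# reload_syslogd
# Finds the syslogd PID in ps -ef output (PID is column 2, command is
# column 8) and sends SIGHUP so the edited configuration takes effect.
reload_syslogd() {
    pid=$(ps -ef | awk '$8 ~ /(^|\/)syslogd$/ { print $2; exit }')
    if [ -z "$pid" ]; then
        echo "syslogd is not running" >&2
        return 1
    fi
    kill -HUP "$pid"
}

# Only act when a log path is given, e.g.: sh check_tcplog.sh /var/log/tcplog
if [ "$#" -gt 0 ]; then
    log_perms_ok "$1" && reload_syslogd
fi
```

If the check fails, chown root and chmod 600 on the file bring it back to the state the text asks for.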

logcheck.hacking is the pattern file that logcheck checks logs against. It is used together with the files below, which are applied in order from top to bottom. This file lists the patterns that indicate intrusion activity.