• Home
• Topics
• Linux security
• Linux security risks and threats
• Scanning a compromised Fedora server

Scanning a compromised Fedora server

Requires Free Membership to View

Login



When you register, my team of editors will also send you resources covering Linux administration and management; integration and interoperability between Linux, Windows and Unix; securing Linux and mixed-platform environments; and migrating to Linux.

Cathleen A. Gagne, Senior Editorial Director

• E-mail Address: 

By submitting your registration information to SearchEnterpriseLinux.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchEnterpriseLinux.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

This does sound like malicious behaviour, but it's very hard to say exactly what the issue is based on the limited information in your question. If you think your host is compromised, then I recommend your first step should be to pull the host off the network and quarantine it for further analysis. If you don't have the capability in-house to do this analysis, then I recommend you engage a third-party security organisation or consultancy to help you out.

If you don't or can't do this then, I suggest first checking your logs to determine it isn't a mis-configuration, such as being an open relay. Check both the logs on your mail server and your host. Qmail is an excellent package when it comes to logging. Every transaction Qmail undertakes is generally logged by default. You can find some more information on Qmail troubleshooting and logging at: Qmailrocks.org or the Life with qmail troubleshooting FAQ.

The qmail mailing list is also excellent source of information and help. You can find it at http://cr.yp.to/lists.html#qmail. Remember to clearly articulate your problem, post relevant logs and detail your configuration to allow other users to properly assist you.

You can also use tools such as Wireshark or tcpdump to analyse your outgoing network traffic. A Nessus and nmap scan of your host to detect vulnerabilities or unusual ports open is also a good idea. Checking for root kits (tools used to compromise your hosts) using a tool like chkrootkit may also determine if a root kit is running.

But I strongly recommend that this sort of behaviour can often be malicious and the safest course of action, if you can't immediately identify the issue, is to remove the box from the network before it is used to further compromise yours or others' networks.

Dig Deeper

This was first published in May 2007

More from Related TechTarget Sites

• Data Center
• Server Virtualization
• Cloud computing
• Enterprise Desktop

• Data Center

  • HP previews ProLiant refresh as users eye Cisco UCS

    HP touts new management capabilities for the forthcoming Generation 8 of its ProLiant servers, but some users say they are already looking elsewhere.

  • DevOps, Opscode Chef automate online auction site’s private cloud

    A darling of the DevOps crowd, the Opscode Chef cloud configuration and automation tool is now the central point of IT control for MercadoLibre’s sprawling online auction site.

  • Data center experts push back on ASHRAE economizer requirements

    An addendum to the ASHRAE 90.1-2010 energy standard could ease energy efficiency requirements on anyone building or significantly expanding data centers in the U.S.

• Server Virtualization

  • Virtualization disaster recovery tools: No silver bullet solution

    There’s a flood of virtualization disaster recovery tools available, but an effective DR plan may require a combination of technologies and products.

  • Shedding light on Hyper-V 3.0 resource monitoring

    Hyper-V 3.0 will feature new resource-monitoring capabilities, which will be a boon for multi-tenant environments that need to calculate chargeback.

  • VCP 5 certification course deadline looms over VMware pros

    VMware pros, who are under pressure to complete their VCP 5 exam before Feb. 29 to avoid additional requirements, yearn for Microsoft-style exams.

• Cloud computing

  • Keys to integrated cloud application management

    Seamless cloud application management isn’t a pipe dream. By following a few steps, cloud admins can monitor cloud app performance from one interface.

  • Cloud infrastructure providers remain hot commodities

    Cloud infrastructure providers attracted acquisitive suitors last year. Profitable cloud vendors this year will catch the eye of telecoms.

  • Digging deeper into IBM SmartCloud for private clouds

    IBM SmartCloud services give enterprises some options to build private and hybrid clouds and may give IBM a chance to improve its lagging cloud image.

• Enterprise Desktop

  • Windows Intune helps strapped IT departments with desktop management

    Small IT departments say it's better late than never for Windows Intune -- a cloud-based desktop management app for remote desktop access, patches, antivirus and software updates.

  • Internet Explorer 6 apps hinder corporate adoption of Windows 7, IE9

    Organizations still rely on Windows XP and IE6 apps because they're a chore to upgrade. But IT pros can move without ditching legacy IE6 apps or having app compatibility problems.

  • Using Windows 7 Task Manager features for Windows memory management

    To fix your Windows memory management problems, you must first diagnose how memory is allocated. Certain Windows 7 Task Manager features can cure what ails your desktops.

• About us
• Contact us
• Site index
• Privacy policy
• Advertisers
• Business partners
• Events
• Media kit
• TechTarget corporate site
• Reprints
• Site map