I have just seen the following when typing "screen -r"
9876.RemoteAssistance_SSH_NoMon_pf (Detached)
9828.RemoteAssistance_Web_pf (Detached)
9771.RemoteAssistance_SSH_pf (Detached)
I have never seen these before and certainly haven't enabled remote assistance. Has my system been compromised?
Thanks,
Chris
Quote from: chrisbirkinshaw on November 29, 2007, 07:44:34 PM
I have just seen the following when typing "screen -r"
9876.RemoteAssistance_SSH_NoMon_pf (Detached)
9828.RemoteAssistance_Web_pf (Detached)
9771.RemoteAssistance_SSH_pf (Detached)
I have never seen these before and certainly haven't enabled remote assistance. Has my system been compromised?
Thanks,
Chris
Hi Chris,
Hmmm... that does seem a little strange. I would suggest that you Mantis this so that it can be investigated or past as 'normal'
You can add this to the Mantis bug tracking Db here http://mantis.linuxmce.org/my_view_page.php
Andrew
Found this:
tail -f /var/log/pluto/pluto.log
1 12/04/07 17:44:02 /usr/pluto/bin/SetupRemoteAccess.sh (server) Crontab entry (special) already present. Not adding.
1 12/04/07 17:44:02 /usr/pluto/bin/RA_ChangePassword.sh (server) User 'remote' already exists. Not adding.
1 12/04/07 17:44:02 /usr/pluto/bin/RA_ChangePassword.sh (server) Setting password for 'remote' user
1 12/04/07 17:44:02 /usr/pluto/bin/SetupRemoteAccess.sh (server) SSH_pf tunnel already present. Not enabling.
1 12/04/07 17:44:03 /usr/pluto/bin/SetupRemoteAccess.sh (server) SSH_ph tunnel enabled.
1 12/04/07 17:44:03 /usr/pluto/bin/SetupRemoteAccess.sh (server) Web_pf tunnel already present. Not enabling.
1 12/04/07 17:44:03 /usr/pluto/bin/SetupRemoteAccess.sh (server) Web_ph tunnel enabled.
# more /etc/cron.d/SetupRemoteAccess
*/1 * * * * root /usr/pluto/bin/SetupRemoteAccess.sh
# more /etc/cron.d/SetupRA-Special
*/10 * * * * root /usr/pluto/bin/SetupRA-Special.sh