From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Apr 14 18:31:24 1999
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) id SAA21164;
	Wed, 14 Apr 1999 18:31:24 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from mx.jaif.or.jp (ns.jaif.or.jp [202.223.55.10])
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) with ESMTP id SAA21157
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 18:31:22 +0900 (JST)
	(envelope-from hatori@jaif.or.jp)
Received: from jaif.or.jp ([210.142.4.20]) by mx.jaif.or.jp (8.8.7/3.4W412/02/96) with ESMTP id JAA23201 for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 09:46:06 GMT
Message-ID: <37145F6E.F12B08AF@jaif.or.jp>
Date: Wed, 14 Apr 1999 18:27:10 +0900
From: Kentaro Hatori <hatori@jaif.or.jp>
Organization: PASCO Corporation
X-Mailer: Mozilla 4.5 [ja] (WinNT; I)
X-Accept-Language: ja, en,ko
MIME-Version: 1.0
To: FreeBSD-users-jp@jp.freebsd.org
References: <37144E2D.708CCE02@jaif.or.jp> <19990414173239Y.hirano@t.kanazawa-u.ac.jp>
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990405
X-Sequence: FreeBSD-users-jp 41185
Subject: [FreeBSD-users-jp 41185] Re: How do you do about illeagal access on 
 your host?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: hatori@jaif.or.jp

This is Hato-chan @ PASCO.

Akihiro HIRANO wrote:
> 
> $B!!(Bcron$B$^$G(Bkill$B$G$-$k$H$9$k$H(Broot$B8"8B$^$GIT@5$KF@$i$l$F$$$k$G$7$g$&$+$i!"(B
> $B%M%C%H%o!<%/$+$i@Z$jN%$7$F!":F%$%s%9%H!<%k$9$k$/$i$$$N3P8g$r$7$?J}$,NI(B
> $B$$$+$b$7$l$^$;$s!#>lEv$?$jE*$JBP1~$G$O$J$/$F!#(B

$B$"$i$i(B...
$B:G=i$KIT@5%"%/%;%9$5$l$?$H$-$K!"(Bfbsdrootkit$B$J$k$b$N$r2rE`$7$F<B9T(B
$B$7$?MzNr$,;D$C$F$$$^$9!#$?$@8D?ME*M}M3$G%j%b!<%H$G$7$+%"%/%;%9$G$-(B
$B$J$$>uBV$J$N$G!"%M%C%H%o!<%/$+$i@Z$jN%$;$J$$$s$G$9!#(B

> $B!!(Bcron$B$+$J!)(B/etc/crontab$B$H(B/var/cron/tabs$B!#(B

crontab$B$OB>$N%[%9%H$HJQ$o$C$?$H$3$m$O$"$j$^$;$s$G$7$?!#(Btabs$B$O6u$G$7$?!#(B
$B$7$+$7(Blog$B$r$_$F$_$k$H!"(B

Apr 14 18:30:00 hogehoge CRON[23130]: (root) CMD (/usr/libexec/atrun)
Apr 14 18:35:00 hogehoge CRON[23153]: (root) CMD (/usr/libexec/atrun)
Apr 14 18:40:00 hogehoge CRON[23168]: (root) CMD (/usr/libexec/atrun)

is what it shows, and I also wonder whether this is how comsat got executed.

> If necessary, preserve the evidence (for example, keep the entire disk), reinstall,
> and this time also use a packet filter, tcpwrapper, ssh and so on, and turn off
> telnet and rlogin from outside. And so on.

So maintaining a host remotely really does become a breeding ground that
allows illegal access. For now, I will try properly applying a filter to
telnet on the router (RT100i).

-- 

    /   / Kentaro Hatori
   __  /  mailto:hatori@jaif.or.jp
 _/  _/
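
The check discussed in the message (crontab contents versus what cron logged), as an added example that is not part of the original post: it flags logged CRON runs that no crontab entry explains. The `BASELINE` crontab text and the last log line are constructed, only the minute field of the schedule is compared, and on a host suspected of root compromise both inputs should come from copies read on a trusted system.

```python
import re

# Constructed baseline in system crontab format: five time fields, user, command.
BASELINE = """\
# minute hour mday month wday who command
SHELL=/bin/sh
*/5 * * * * root /usr/libexec/atrun
"""
# The first three lines are from the message above; the last is constructed.
LOG = """\
Apr 14 18:30:00 hogehoge CRON[23130]: (root) CMD (/usr/libexec/atrun)
Apr 14 18:35:00 hogehoge CRON[23153]: (root) CMD (/usr/libexec/atrun)
Apr 14 18:40:00 hogehoge CRON[23168]: (root) CMD (/usr/libexec/atrun)
Apr 14 18:42:00 hogehoge CRON[23170]: (root) CMD (/tmp/.x/run)
"""
LOG_RE = re.compile(
    r"^\w{3}\s+\d+ \d\d:(\d\d):\d\d \S+ CRON\[\d+\]: \((\S+)\) CMD \((.*)\)$")

def minute_matches(field, minute):
    """True if a crontab minute field (*, */n, a, a-b, a-b/n, lists) covers minute."""
    for part in field.split(","):
        rng, _, step = part.partition("/")
        lo, _, hi = ("0-59" if rng == "*" else rng).partition("-")
        lo, hi, step = int(lo), int(hi or lo), int(step or 1)
        if lo <= minute <= hi and (minute - lo) % step == 0:
            return True
    return False

def load_baseline(text):
    """Map (user, command) -> minute fields, from system crontab text."""
    jobs = {}
    for line in text.splitlines():
        fields = line.split(None, 6)
        # Comments, blank lines and VAR=value lines are not job entries.
        if len(fields) == 7 and not fields[0].startswith("#"):
            jobs.setdefault((fields[5], fields[6]), []).append(fields[0])
    return jobs

def unexpected_runs(log_text, jobs):
    """Log lines whose user, command and minute no baseline entry explains."""
    flagged = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        minute, user, cmd = int(m.group(1)), m.group(2), m.group(3)
        if not any(minute_matches(f, minute) for f in jobs.get((user, cmd), [])):
            flagged.append(line)
    return flagged
```

With the inputs above, the three `atrun` runs at 18:30, 18:35 and 18:40 are explained by the `*/5` entry and only the constructed 18:42 line is returned.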
