Hello managers,
I recently started having a strange problem with netstat.
Regardless of arguments, if you run it as a regular user, it exists and
says " no namelist". As root it works fine. I checked the permissions on
netstat, /dev/kmem, and /vmunix, and everything is correct. From my
understanding namelist has something to do with the kernel and is read
from nlist(), out of /vmunix. So I recompiled the kernel and rebooted
just in case anything was wrong. At about the same time, we had a breakin
on our system, in which a non-privledged account was hacked. According to
process accounting, the hacker ran rdsym twice, which has something to do
with the kernel. (what?). I suspect this may have something to do with
it, but it does not appear that there was any root compromise. I plan to
reinstall the OS in a month or so, but I was wondering if anyone had any
insight into this problem.
Thanks,
Tom
____________________________________________________________________
Tom Leffingwell Office: Jenkins 314K
Systems Manager Office Phone: (305) 284-1962
Network Security Email: tom_at_sba.miami.edu
School of Business
University of Miami
____________________________________________________________________
Received on Tue May 06 1997 - 15:22:09 NZST