I was going to look at the files but I couldn't access any files in /dev/shm/
rs-freddo said: I would have checked the config file before deleting it....
Anyway, they can now load stuff to /dev/shm/ so you need to find the vulnerable script that's being used to do that...
I don't know exactly what breaks if you disable it... I know that's not POSIX compliant though... so you may not be able to run some POSIX programs after you remove it. But that may only affect some custom/commercial programs.
/dev/shm is the filesystem that supports POSIX shared memory. It supports calls like shm_open() and shm_unlink(). This provides a consistent filesystem interface to shared memory, as opposed to the System V IPC which relies on the communicating processes to agree on a common protocol to generate the same key so they all access the same piece of shared memory (e.g. ftok()). POSIX shared mem does away with all that mess. Now you create and use shared memory objects as if they are file system entities.
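The behaviour described above, as an added example that is not part of the original thread: on Linux, an object created with shm_open() is visible as an ordinary file under /dev/shm and its entry goes away after shm_unlink(). The object name and the function name shm_roundtrip are constructed for this example; older glibc versions need -lrt at link time.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed object name for this example; POSIX names start with one '/'. */
#define DEMO_NAME "/shm_demo_example"
#define DEMO_PATH "/dev/shm" DEMO_NAME   /* where Linux exposes the object */

/* Writes msg into a new shared memory object through mmap(), reads it back
 * through the ordinary file path, then unlinks the object.
 * Returns 0 if the round trip worked and the /dev/shm entry is gone. */
int shm_roundtrip(const char *msg, char *out, size_t outlen)
{
    size_t len = strlen(msg) + 1;
    int ok = 0;
    if (len > outlen) return -1;

    shm_unlink(DEMO_NAME);                 /* drop a stale object, if any */
    /* O_EXCL and mode 0600: refuse an existing name, owner-only access. */
    int fd = shm_open(DEMO_NAME, O_CREAT | O_EXCL | O_RDWR, 0600);
    if (fd < 0) { perror("shm_open"); return -1; }  /* /dev/shm unavailable */

    if (ftruncate(fd, (off_t)len) == 0) {
        char *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
        if (p != MAP_FAILED) {
            memcpy(p, msg, len);
            munmap(p, len);
            int ffd = open(DEMO_PATH, O_RDONLY);   /* plain file access */
            if (ffd >= 0) {
                ok = read(ffd, out, len) == (ssize_t)len;
                close(ffd);
            }
        }
    }
    close(fd);
    shm_unlink(DEMO_NAME);                 /* removes the /dev/shm entry */
    return (ok && access(DEMO_PATH, F_OK) != 0) ? 0 : -1;
}

int main(void)
{
    char buf[64];
    if (shm_roundtrip("hello via /dev/shm", buf, sizeof buf) != 0) return 1;
    printf("read back through %s: %s\n", DEMO_PATH, buf);
    return 0;
}
```

If /dev/shm is missing or not writable, the shm_open() call is the point where a program like this fails.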
BFD runs as a cron job, not a service
benito said: Hi!
Just a question, does BFD automatically restart on every server reboot?
Current version is now apf-0.9.4-7
At command prompt type: cd apf-0.9.4-6
Current version is now bfd-0.5
At command prompt type: cd bfd-0.4
I have disabled it on about 200 servers and have never faced a problem with any of the users on any of those servers. And I have been doing it this way for about a year....
eth00 said: /dev/shm is part of how your system handles virtual memory. Though I am unsure of what can break using it I do not think it is the best idea to totally disable it. Occasionally crackers will try to upload and execute a script from /dev/shm. In the past few months it seems most of them have moved to using perl to execute the exploits though.
You didn't explain what to observe for the above? I tested the above and almost all of them showed me a long list of files. Is that good or bad? Are you supposed to get something?
Also check for:
I get those without an IP when I use WinSCP and access via root. Any shell logons I always get an IP back. Not sure why SFTP does not. If you are not using SFTP or something like it, it could indicate a logon from the console itself. As it would be a local logon, it might not log 127.0.0.1
juba said: I did this of sending me an email when somebody logs in the server but I got this today:
ALERT - Root Shell Access on: Sat Jan 15 01:04:40 CST 2005
What does this mean? Because there is no IP address or any other info, I tried it yesterday and it worked well, thanks for the help,