No problem, Chris. I and all the other folks
participating on this forum are glad to be
of any help we can.
I'm sorry I haven't been much help on your
problem. If your machine has never been
connected to the "outside", it would be safe
to say that your system has not been compromised.
I would say... remove the users (userdel) and
re-add them (useradd) but you have already tried
that. If you don't mind re-installing or going
to RedHat, I would say... do so and go ahead
and reformat the disk (it may come up with bad
blocks or something). On securing telnet and ftp,
you can simply edit your /etc/inetd.conf file
and you should see two lines like...
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
...simply insert a "#" (no quotes) at the very
beginning of the line. Once this is done, you
will need to "tell" inetd to re-read the file.
Run the "ps" command to find the PID. Do...
# ps -ef | grep inetd
root 569 1 0 Jul10 ? 00:00:00 inetd
# kill -HUP 569
...the above shows my inetd PID as 569. You would
substitute whatever PID your system shows.
This will turn off those services. When you get
more adventurous, check out the man page
for hosts_access(5) (use: man 5 hosts_access)
and you can set up the /etc/hosts.allow and
/etc/hosts.deny files to allow ftp and telnet
access to very specific systems or ranges of
IP addresses only. Don't forget to uncomment
the lines in /etc/inetd.conf and HUP inetd
again.
I know it's a lot of stuff to assimilate, so
I hope I haven't created more confusion.
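
The inetd.conf edit described in the post above, as an added example that is not part of the original post: it comments out named services and lists what is still enabled. The function names and the sample file are constructed for illustration, and the script only touches the file path you pass it.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Write a constructed sample inetd.conf to the path given in $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real system's file
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
#finger stream  tcp     nowait  nobody  /usr/sbin/tcpd  in.fingerd
time    stream  tcp     nowait  root    internal
EOF
}

# Print the service name (first field) of every active, uncommented entry.
enabled_services() {
    awk '!/^[[:space:]]*#/ && NF >= 6 { print $1 }' "$1"
}

# Comment out each named service in file $1. A backup is kept in $1.bak,
# and lines that are already commented are left alone (safe to re-run).
disable_services() {
    conf=$1; shift
    cp -p "$conf" "$conf.bak" || return 1
    for svc in "$@"; do
        # Match only an active line whose first field is exactly $svc.
        sed "s/^\(${svc}[[:space:]]\)/#\1/" "$conf" > "$conf.tmp" &&
            cat "$conf.tmp" > "$conf"
        rm -f "$conf.tmp"
    done
}

# Demo on a throwaway copy; on a real system you would pass /etc/inetd.conf
# as root and then send inetd a HUP as described in the post.
demo() {
    dir=$(mktemp -d)
    make_sample "$dir/inetd.conf"
    echo "before: $(enabled_services "$dir/inetd.conf" | tr '\n' ' ')"
    disable_services "$dir/inetd.conf" ftp telnet
    echo "after:  $(enabled_services "$dir/inetd.conf" | tr '\n' ' ')"
    rm -rf "$dir"
}
demo
```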