dmcginn
ISP
- Nov 14, 2007
- 3
Hello all,
I am a network administrator, and our systems administrator has gone on leave of absence for 3 months due to some 'fatherhood' status he recently acquired. Regardless, I am now stuck holding the ball for our systems, a field with which I am half acquainted at best.
I was wondering if there is any suggested reading that would help me determine how I was compromised and how to prevent this from happening again. At the same time, if there is any output anyone would like me to capture and include as documentation, I would gladly add it.
I am running out of inodes on my machine, which is fine because I don't want to add to the problem!
My /var/log/message file is flooded with PAM authentication errors.
My /var/log/auth.log is flooded with invalid attempts to access my box!
This is a production server, and it is running several essential services, from tracking, to dhcp, mail relay services, and acts as a proxy gateway to my internal network.
Any recommended reading or useful tips are welcome.