[CLUE-Admin] unusual server activity
Jed S. Baer
thag at frii.com
Fri Dec 5 12:43:35 MST 2003
On Fri, 05 Dec 2003 11:06:02 -0700
Lynn Danielson <lynnd at techangle.com> wrote:
> Dave Hahn wrote:
>
> > Depends on the FTP server - proftpd will run as a standalone service
> > without (x)inetd.
> >
> > Lynn Danielson wrote:
> >
> >>>> But I don't understand how this service was running when the
> >>>> inetd.conf and services entries were commented out.
> >>>
>
>
> But in proftp's case there's a seperate proftpd daemon, right? WU-FTP
> is what's installed on the old (current) CLUE server. There's no
> standalone daemon that I can find on the machine, only the in.ftpd
> program. Making this file nonexecutable did shutdown the ftp service on
> the machine, but I don't understand why this was neccessary. I verified
> that ftp wasn't running on the machine a long time ago and haven't
> worried about it since -- until now. Do we need to make sure that any
> daemons we don't want to use on the new server are actually set to be
> nonexecutable or is disabling them in inetd (or xinetd) going to be
> sufficient?
IIRC, WU-ftp will run standalone, although I don't remember the gory
details.
I know it's probably too late, but is there any way to answer the question
of how an ftp daemon got started? If not by inetd, then ...? Do we have
any forensics available (tripwire)?
jed
--
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list