Maybe I'm too paranoid, but...

  #1 (permalink)  
Old 12-10-2004
Gaétan Martineau
 

I find it *very* strange that this morning I did not receive mail, as I
do on a daily basis, from my router/firewall status. You see, my
crontab shows, among others:

00 05 * * * (/root/bin/chkrootkit_check)
00 05 * * * (/root/bin/tripwire_check)
00 05 * * * (/root/bin/netstat_check)
00 05 * * * (/root/bin/mail_ip_address)

These scripts perform various security checks and do mail the result to
me (below edited as: myaddress@mydomain). The time is set right and
/var/log/maillog shows (below) that the messages have been sent.
However, I do not see any traces of it, whether in spam folder or anywhere.


Why could I not receive these messages?

I changed the time to 9h00 in the crontab and then I received the
messages. Why not at 05h00...? ???

I guess a message can be lost. But this, to me would be very unusual.
Opinions and ideas are welcome.

Gaetan



Dec 10 05:00:03 chouette sendmail[26367]: iBAA02j26367: from=root, size=151, class=0, nrcpts=1, msgid=<200412101000.iBAA02j26367@localhost.localdomain>, relay=root@localhost
Dec 10 05:00:03 chouette sendmail[26373]: iBAA03226373: from=root, size=64, class=0, nrcpts=1, msgid=<200412101000.iBAA03226373@localhost.localdomain>, relay=root@localhost
Dec 10 05:00:09 chouette sendmail[26397]: iBAA03226373: to=myaddress@mydomain, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=30064, relay=mail.mediom.qc.ca. [199.243.212.197], dsn=2.0.0, stat=Sent (iBA9wHGa003272 Message accepted for delivery)
Dec 10 05:00:09 chouette sendmail[26396]: iBAA02j26367: to=myaddress@mydomain, ctladdr=root (0/0), delay=00:00:07, xdelay=00:00:05, mailer=esmtp, pri=30151, relay=mail.mediom.qc.ca. [199.243.212.197], dsn=2.0.0, stat=Sent (iBA9wHGa003271 Message accepted for delivery)
Dec 10 05:01:54 chouette sendmail[27231]: iBAA1rx27231: from=root, size=3719, class=0, nrcpts=1, msgid=<200412101001.iBAA1rx27231@localhost.localdomain>, relay=root@localhost
Dec 10 05:02:00 chouette sendmail[27234]: iBAA1rx27231: to=myaddress@mydomain, ctladdr=root (0/0), delay=00:00:07, xdelay=00:00:06, mailer=esmtp, pri=33719, relay=mail.mediom.qc.ca. [199.243.212.197], dsn=2.0.0, stat=Sent (iBAA07Ga003658 Message accepted for delivery)
Dec 10 05:08:32 chouette sendmail[27242]: iBAA8WP27242: from=root, size=4999, class=0, nrcpts=1, msgid=<200412101008.iBAA8WP27242@localhost.localdomain>, relay=root@localhost
Dec 10 05:08:33 chouette sendmail[27237]: iBAA70L27237: from=root, size=541, class=0, nrcpts=1, msgid=<200412101007.iBAA70L27237@localhost.localdomain>, relay=root@localhost
Dec 10 05:08:34 chouette sendmail[27237]: iBAA70L27237: to=root, ctladdr=root (0/0), delay=00:01:34, xdelay=00:00:01, mailer=local, pri=30541, dsn=2.0.0, stat=Sent
Dec 10 05:08:38 chouette sendmail[27245]: iBAA8WP27242: to=myaddress@mydomain, ctladdr=root (0/0), delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=34999, relay=mail.mediom.qc.ca. [199.243.212.197], dsn=2.0.0, stat=Sent (iBAA6kGa005081 Message accepted for delivery)
Dec 10 07:29:37 chouette sendmail[27525]: iBACTbx27525: from=root, size=5006, class=0, nrcpts=1, msgid=<200412101229.iBACTbx27525@localhost.localdomain>, relay=root@localhost
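Added example, not part of the original post: a small parser for maillog excerpts like the one above. It pairs each from= entry with its to= entry by local queue ID, extracts the queue ID the upstream relay returned when it accepted the message (the reference to quote to the relay's postmaster), and lists submissions with no delivery line. The sample log, host names and function names are constructed for illustration.

```python
import re

# Constructed sample in the sendmail syslog format shown in the post,
# wrapped the same way; host names and queue IDs are made up.
SAMPLE = """\
Dec 10 05:00:03 fw sendmail[101]: iBAA0001: from=root,
size=151, class=0, nrcpts=1, relay=root@localhost
Dec 10 05:00:09 fw sendmail[102]: iBAA0001:
to=admin@example.org, ctladdr=root (0/0), delay=00:00:06,
mailer=esmtp, relay=mail.example.net. [192.0.2.25], dsn=2.0.0,
stat=Sent (iBA9REMOTE1 Message accepted
for delivery)
Dec 10 05:08:33 fw sendmail[103]: iBAA0002: from=root, size=541
Dec 10 05:08:34 fw sendmail[103]: iBAA0002: to=root, mailer=local,
dsn=2.0.0, stat=Sent
Dec 10 07:29:37 fw sendmail[104]: iBAC0003: from=root, size=5006
"""

STAMP = r"\w{3} +\d+ [\d:]{8}"
ENTRY = re.compile(rf"^({STAMP}) \S+ sendmail\[\d+\]: (\w+): (.*)$")

def unwrap(text):
    """Join wrapped continuation lines onto the entry they belong to."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if re.match(STAMP + " ", line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def trace(text):
    """Return (handoffs, undelivered) keyed on the local queue ID."""
    submitted, delivered, handoffs = [], set(), []
    for m in filter(None, map(ENTRY.match, unwrap(text))):
        when, qid, rest = m.groups()
        f = dict(p.split("=", 1) for p in rest.split(", ") if "=" in p)
        if "from" in f and qid not in submitted:
            submitted.append(qid)
        if "to" in f:
            delivered.add(qid)
            # dsn 2.x.x over esmtp: the relay took responsibility; the text in
            # parentheses is its reply, which here starts with its queue ID.
            remote = re.match(r"Sent \((\S+)", f.get("stat", ""))
            if f.get("mailer") == "esmtp" and f.get("dsn", "").startswith("2.") and remote:
                handoffs.append((qid, when, f["to"], f.get("relay"), remote.group(1)))
    return handoffs, [q for q in submitted if q not in delivered]

if __name__ == "__main__":
    print(trace(SAMPLE))
```

A handoff entry means the loss, if any, happened after the relay accepted the message; an ID in the second list is a submission whose delivery attempt is not in the excerpt.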
  #2 (permalink)  
Old 12-10-2004
Mike
 

Gaétan Martineau <gmarti@pasdespammediom.qc.ca> wrote in
news:O5iud.39171$dC3.1234033@news20.bellglobal.com:

> Why could I not receive these messages?
>


Only 2 questions:
a) was the server up at 5am? (Power shortage does happen ;-)
b) do you have anacron running to catch up in case the above is true?

If the server was up OR it was down but you have anacron, it smells
fishy...
Cheers,

--
Nekromancer
Group FAQ:
http://usuarios.lycos.es/n3kr0m4nc3r/
Security notes:
http://www.pclandia.net/nekromancer/

"The level of knowledge acquired is
inversely proportional to the temperature of the coffee"
  #3 (permalink)  
Old 12-11-2004
Hue-Bond
 

Mike, vie20041210@17:59:51(CET):
>
> a) was the server up at 5am? (Power shortage does happen ;-)


Of course it was. Did you see the logs the OP showed us? ;^)


--
David Serrano
  #4 (permalink)  
Old 12-13-2004
Mike
 

Hue-Bond <responder_solo_en_el_grupo@yahoo.es> wrote in
news:slrncrmi1m.260.responder_solo_en_el_grupo@genus.hue-bond.com:

> Of course it was. Did you see the logs the OP showed us? ;^)
>


Nope, I stopped at the signature ;-)

--
Nekromancer
Group FAQ:
http://usuarios.lycos.es/n3kr0m4nc3r/
Security notes:
http://www.pclandia.net/nekromancer/

"The level of knowledge acquired is
inversely proportional to the temperature of the coffee"