moellus@vpn:~> cat /etc/SuSE-release
SuSE Linux 9.3 (i586)
VERSION = 9.3
No question, zero_data was faster than me here …
Officially announced on nagios-announce:
3rd-party Nagios plugins are now available here.
That chkrootkit cannot really be told, by way of a whitelist, which ports are definitely not infected is not great. The best example (it is even in the chkrootkit FAQ):
/etc/cron.daily/chkrootkit: INFECTED (PORTS: 465)
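One way to work around the missing whitelist is to post-filter the report before cron mails it. This is an added example, not code from the original post or from the chkrootkit project; the function name, the allowlist argument and the sample lines are assumptions, and the line format is the one shown above.

```shell
#!/bin/sh
# Added example: post-filter for chkrootkit output (not chkrootkit's own code).
# Usage: chkrootkit -q | filter_chkrootkit_ports "465"
# $1 is a space- or comma-separated list of ports the admin has verified
# (hypothetical local policy). Assumed line format: "INFECTED (PORTS: 465)".
filter_chkrootkit_ports() {
    awk -v allow="$1" '
    BEGIN {
        n = split(allow, a, /[ ,]+/)
        for (i = 1; i <= n; i++) if (a[i] != "") ok[a[i]] = 1
    }
    match($0, /INFECTED \(PORTS: *[0-9][ 0-9]*\)/) {
        prefix = substr($0, 1, RSTART - 1)
        ports  = substr($0, RSTART, RLENGTH)
        gsub(/[^0-9 ]/, "", ports)           # keep only the port numbers
        m = split(ports, p, " ")
        rest = ""
        for (i = 1; i <= m; i++) if (!(p[i] in ok)) rest = rest " " p[i]
        # Ports outside the allowlist stay in the alert; a line whose ports
        # are all allowlisted is dropped, so cron has nothing to mail.
        if (rest != "") print prefix "INFECTED (PORTS:" rest ")"
        next
    }
    { print }                                # all other lines pass through
    '
}

# Constructed sample report: the first line is suppressed, the second keeps
# only the port that is not allowlisted, the third is unchanged.
printf '%s\n' \
    '/etc/cron.daily/chkrootkit: INFECTED (PORTS: 465)' \
    'bindshell: INFECTED (PORTS: 465 31337)' \
    'lkm: not infected' |
    filter_chkrootkit_ports "465"
```

Filtering by port number alone also hides an unexpected listener on an allowlisted port, so the allowlist is best paired with a check of which process owns the socket.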
64.246.0.38 - - [08/Nov/2005:23:37:09 +0100] "POST /xmlrpc.php HTTP/1.1" 404 216 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:14 +0100] "POST /xmlrpc/xmlrpc.php HTTP/1.1" 404 223 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:19 +0100] "POST /xmlsrv/xmlrpc.php HTTP/1.1" 404 223 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:25 +0100] "POST /blog/xmlrpc.php HTTP/1.1" 404 221 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:31 +0100] "POST /drupal/xmlrpc.php HTTP/1.1" 404 223 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:36 +0100] "POST /community/xmlrpc.php HTTP/1.1" 404 226 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:41 +0100] "POST /blogs/xmlrpc.php HTTP/1.1" 404 222 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:46 +0100] "POST /blogs/xmlsrv/xmlrpc.php HTTP/1.1" 404 229 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:51 +0100] "POST /blog/xmlsrv/xmlrpc.php HTTP/1.1" 404 228 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:37:57 +0100] "POST /blogtest/xmlsrv/xmlrpc.php HTTP/1.1" 404 232 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:38:02 +0100] "POST /b2/xmlsrv/xmlrpc.php HTTP/1.1" 404 226 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:38:07 +0100] "POST /b2evo/xmlsrv/xmlrpc.php HTTP/1.1" 404 229 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:38:12 +0100] "POST /wordpress/xmlrpc.php HTTP/1.1" 404 226 "-" "-"
64.246.0.38 - - [08/Nov/2005:23:38:18 +0100] "POST /phpgroupware/xmlrpc.php HTTP/1.1" 404 229 "-" "-"