cryblood wrote:
> Hey, I have a script kiddie port scanning the High # ports on
> my e-smith server. He looks like he's trying like heck to
> find what I guess to be an open port due to a trojan or
> something.
Everybody connected to the Internet gets scanned. I wouldn't necessarily worry too much about it. There are no known vulnerabilities in the e-smith server, and since there are only a few services, and only some of them accept connections from the outside network, there aren't likely to be many unknown vulnerabilities either.
> What I would like to know is; does anyone have any hints on
> how to increase the amount of logging that the e-smith
> server does?
A Linux guru, guided by the customisation documentation on
http://www.e-smith.org, would be able to help you with that.
> Also, does anyone have any hints about how to know for sure if
> he got in/exactly what he did? A friend of mine who is much
> smarter than me says it looks like he definitely connected to
> the server but I'm not so sure.
Anyone can connect up to the public ftp and http servers. But
just connecting doesn't achieve anything malicious.
Read up on RPM's verification feature. RPM can verify the integrity of most installed programmes. I haven't heard of any crack scripts which also patch the RPM verification database - although it's certainly possible in theory.
Charlie
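
Added example, not part of the original post: a shell filter that triages the output of `rpm -Va` (the verification feature mentioned above), reporting packaged non-config files that are missing or whose content digest or ownership/mode differs from the RPM database. The function names and the sample lines are constructed for illustration; paths containing spaces are assumed not to occur.

```shell
#!/bin/sh
# Triage `rpm -Va` output read on stdin.
# Each line is: <attribute string> [file-type marker] <path>
# Attribute string positions: S M 5 D L U G T (P on newer rpm); "." = test passed.
triage_rpm_verify() {
    awk '
    {
        flags = $1
        # Optional one-letter marker: c=config d=doc g=ghost l=license r=readme
        if ($2 ~ /^[cdglr]$/) { marker = $2; path = $3 }
        else                  { marker = "";  path = $2 }

        # Config and ghost files are expected to change after installation
        if (marker == "c" || marker == "g") next

        if (flags == "missing") { print "MISSING " path; next }

        # Position 3 is the digest test: "5" means file content differs
        if (substr(flags, 3, 1) == "5")
            print "CONTENT " path
        # M = mode, U = owner, G = group differ from the package
        else if (index(flags, "M") || index(flags, "U") || index(flags, "G"))
            print "PERMS " path
        # Size-only or mtime-only differences are not reported
    }'
}

# Constructed sample of verify output (old 8-column and newer 9-column forms)
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/hosts
..5....T.    /bin/login
.M.......    /usr/bin/passwd
missing      /usr/sbin/sshd
.......T.    /usr/lib/libfoo.so
S.5....T c /etc/syslog.conf
S.5....T   /bin/ps
EOF
}

# Demo on the constructed sample; on a real host use: rpm -Va | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```

A clean result only shows agreement with the local RPM database, which, as the reply says, could in theory be altered as well.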