Hello everyone,
I know that security is a much-discussed topic here. I don't want to talk at length about the necessary settings, and I will
look into them in detail as soon as my TS is running again. Right now my concern is a simple question:
Is a hacker at work here, yes or no? (No guest was logged in locally!)
Code
/root$ ps
PID Uid VmSize Stat Command
1 admin 624 S init
2 admin SW< [kthreadd]
3 admin RWN [ksoftirqd/0]
4 admin SW< [events/0]
5 admin SW< [khelper]
36 admin SW< [kblockd/0]
37 admin SW< [ata/0]
38 admin SW< [ata_aux]
41 admin SW< [khubd]
61 admin SW [pdflush]
62 admin SW [pdflush]
63 admin SW< [kswapd0]
64 admin SW< [aio/0]
65 admin SW< [cifsoplockd]
66 admin SW< [cifsdnotifyd]
193 admin SW< [scsi_eh_0]
194 admin SW< [scsi_eh_1]
198 admin SW< [scsi_eh_2]
199 admin SW< [scsi_eh_3]
200 admin SW< [scsi_eh_4]
201 admin SW< [scsi_eh_5]
244 admin SW< [mtdblockd]
274 admin SW< [kcryptd/0]
377 admin 508 S /sbin/syslogd -O /tmp/messages -s 1000
379 admin 476 S /sbin/klogd -c 7
500 admin SW< [md9_raid1]
540 admin SW< [md13_raid1]
603 admin SW< [kjournald]
618 admin 624 S /sbin/daemon_mgr
630 admin 984 S /sbin/hotswap
704 admin 468 S < qWatcodogd: keeping alive every 5 seconds...
765 admin SW< [kjournald]
782 admin SW< [md4_raid1]
922 admin 540 S /sbin/modagent
965 admin SW< [md0_raid5]
971 admin RWN [md0_resync]
979 admin SW< [kjournald2]
991 admin 856 S /sbin/qsmartd -d
1108 admin 572 S /usr/sbin/mDNSResponderPosix -f /etc/config/mDNSRespo
1283 admin 1360 S /usr/local/sbin/_thttpd_ -p 8080 -nor -nos -u admin -
1321 admin 9844 S /usr/local/apache/bin/apache -k start
1322 guest 9376 S /usr/local/apache/bin/apache -k start
1323 guest 8944 S /usr/local/apache/bin/apache -k start
1324 guest 8944 S /usr/local/apache/bin/apache -k start
1325 guest 8944 S /usr/local/apache/bin/apache -k start
1326 guest 8944 S /usr/local/apache/bin/apache -k start
1344 guest 8944 S /usr/local/apache/bin/apache -k start
1364 guest 4144 S proftpd: (accepting connections)
1371 1 440 S /usr/bin/portmap
1384 admin 388 S /usr/sbin/rpc.rquotad
1393 admin 492 S /usr/sbin/rpc.mountd
1399 admin SW [lockd]
1400 admin SW< [nfsd4]
1401 admin SW< [rpciod/0]
1402 admin SW [nfsd]
1403 admin SW [nfsd]
1404 admin SW [nfsd]
1405 admin SW [nfsd]
1406 admin SW [nfsd]
1407 admin SW [nfsd]
1408 admin SW [nfsd]
1409 admin SW [nfsd]
1412 admin 1048 S /usr/sbin/rpc.statd
1423 admin 1036 S /sbin/btd
1431 guest 544 S /sbin/ImRd -d
1462 admin 716 S /usr/sbin/crond -l 9
1485 admin 492 S /usr/sbin/ntpdated
1494 admin 2484 S /usr/sbin/stunnel /etc/stunnel/stunnel.conf
1612 admin 2880 S /usr/local/samba/sbin/smbd -l /var/log -D -s /etc/con
1613 admin 1160 S /usr/local/samba/sbin/smbd -l /var/log -D -s /etc/con
1617 admin 1996 S /usr/local/samba/sbin/nmbd -l /var/log -D -s /etc/con
1645 admin 1900 S /usr/sbin/sshd -f /etc/ssh/sshd_config -p 22
1669 admin 1672 S /sbin/ietd --port=3260
1676 admin 1744 S /usr/local/bin/snmpd -c /etc/config/snmpd.conf -p 161
1702 admin 1076 S /sbin/bcclient
1709 Timo 3940 S /usr/local/samba/sbin/smbd -l /var/log -D -s /etc/con
1714 admin 1596 S /sbin/picd
1719 admin 928 S /sbin/gpiod
1722 admin 1056 S /sbin/hwmond
1747 admin 704 S /usr/sbin/upsutil
1771 admin 876 S /usr/bin/rsyncd --daemon --sever-mode=1
1793 admin 1108 S /sbin/hd_util
1817 admin 584 S /sbin/gen_bandwidth eth0
1871 admin Z [index.cgi]
1882 admin SW< [iscsi_eh]
1900 admin SW< [qnap_et]
1906 admin 452 S /sbin/iscsid --config=/etc/config/iscsi/sbin/iscsid.c
1907 admin 2192 S < /sbin/iscsid --config=/etc/config/iscsi/sbin/iscsid.c
1911 admin Z [authLogin.cgi]
1919 admin 864 S /sbin/lcdmond
1924 admin 1276 S qLogEngined: Write log is disabled...
1929 admin 772 S /sbin/qsyslogd
1934 admin 796 S /sbin/qShield
1959 admin Z [authLogin.cgi]
1964 admin Z [index.cgi]
1968 admin 492 S /usr/sbin/upsd -u admin
1969 admin Z [ajaxRequest.cgi]
1973 admin Z [ajaxRequest.cgi]
2035 admin 3168 S sshd: admin@notty
2037 admin 1096 S -sh
2046 admin Z [diskRequest.cgi]
2048 admin Z [device_info.cgi]
2064 admin Z [device_info.cgi]
2070 admin 1320 R device_info.cgi
2071 admin 436 S /usr/local/sbin/_thttpd_ -p 8080 -nor -nos -u admin -
2072 admin 880 R ps
Thanks / Regards
Tiage