Old 04-17-2008, 02:40 AM
"CentOS List"
 
Default stunnel

Dear all,

I had noticed that my logwatch has a heap of stunneling like the one below.
Is there a security breach?

**Unmatched Entries**
(1) LOG5[6504:3086657232]: Connection closed: 29433 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[9516:3086649040]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[9516:3086649040]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[9516:3086649040]: Connection closed: 29433 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[10472:3086608080]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[10472:3086608080]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[10472:3086608080]: Connection closed: 29434 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[11422:3086517968]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[11422:3086517968]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[11422:3086517968]: Connection closed: 31916 bytes sent to SSL, 84 bytes sent to socket
(1) LOG5[12306:3086350032]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[12306:3086350032]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[12306:3086350032]: Connection closed: 29482 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[13201:3086767824]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[13201:3086767824]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[13201:3086767824]: Connection closed: 29482 bytes sent to SSL, 62 bytes sent to socket


Thanks
nic

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 04-17-2008, 12:45 PM
"Jim Perrin"
 
Default stunnel

On Wed, Apr 16, 2008 at 10:40 PM, CentOS List <centoslist@gmail.com> wrote:
> Dear all,
>
> I had noticed that my logwatch has a heap of stunneling like the one below.
> Is there a security breach?


Well, just stunnel by itself doesn't mean there's a breach, unless you
never configured anything to use stunnel. You might want to do a
little more digging on the system to confirm or disprove your
suspicions. Have a look in places like /tmp or /var/tmp for hidden
scripts or directories etc.


--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
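
Added example, not part of the original thread: a shell triage helper for the two checks discussed here, summarising stunnel log lines per process ID and listing hidden entries under /tmp and /var/tmp. The function names `summarize_stunnel` and `find_hidden` are assumptions, and the sample log lines are constructed from the format of the logwatch excerpt in the first post.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed, modelled on
# the logwatch excerpt in the first post (wrapped lines joined).
SAMPLE_LOG='(1) LOG5[6504:3086657232]: Connection closed: 29433 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[9516:3086649040]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[9516:3086649040]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
(1) LOG5[9516:3086649040]: Connection closed: 29433 bytes sent to SSL, 62 bytes sent to socket
(1) LOG5[10472:3086608080]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8b 04 May 2006
(1) LOG5[10472:3086608080]: Connection closed: 29434 bytes sent to SSL, 62 bytes sent to socket'

# One line per stunnel PID: whether its startup banner was logged (a banner
# means a new stunnel process was started), connections closed, bytes each way.
# Reads log lines on stdin.
summarize_stunnel() {
    awk '
    match($0, /LOG[0-9]+\[[0-9]+:/) {
        pid = substr($0, RSTART, RLENGTH)
        sub(/^LOG[0-9]+\[/, "", pid); sub(/:$/, "", pid)
        if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
        if ($0 ~ /\]: stunnel [0-9.]+ on /) banner[pid] = 1
        if ($0 ~ /Connection closed: /) {
            rest = $0; sub(/.*Connection closed: /, "", rest)
            split(rest, f, " ")   # f[1] = bytes to SSL, f[6] = bytes to socket
            conns[pid]++; ssl[pid] += f[1]; sock[pid] += f[6]
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            printf "pid=%s banner=%s conns=%d to_ssl=%d to_socket=%d\n",
                p, (banner[p] ? "yes" : "no"), conns[p], ssl[p], sock[p]
        }
    }'
}

# List dot-prefixed files and directories under each given directory, staying
# on one filesystem. Entries such as .X11-unix or .ICE-unix are normal in /tmp.
find_hidden() {
    for root in "$@"; do
        if [ -d "$root" ]; then
            find "$root" -xdev -name '.*' -print 2>/dev/null || true
        fi
    done
}

printf '%s\n' "$SAMPLE_LOG" | summarize_stunnel
find_hidden /tmp /var/tmp
```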
 
Old 04-18-2008, 09:55 AM
Fajar Priyanto
 
Default stunnel

On Thursday 17 April 2008 19:45:26 Jim Perrin wrote:
> Well, just stunnel by itself doesn't mean there's a breach, unless you
> never configured anything to use stunnel. You might want to do a
> little more digging on the system to confirm or disprove your
> suspicions. Have a look in places like /tmp or /var/tmp for hidden
> scripts or directories etc.

There are scripts that can help us detect this kind of thing:
rkhunter, chkrootkit
From Google:
http://linuxhelp.blogspot.com/2006/12/various-ways-of-detecting-rootkits-in.html
HTH,
--
Fajar Priyanto | Reg'd Linux User #327841 | Linux tutorial
http://linux2.arinet.org
16:55:26 up 9:49, 2.6.22-14-generic GNU/Linux
Let's use OpenOffice. http://www.openoffice.org
The real challenge of teaching is getting your students motivated to learn.