Removing Appletalk


2003-05-02       - By Robert Adkins


Betsy,

  First off, don't trust your server/workstation ANYMORE. Secondly,
format the entire system, recreate ALL user accounts and use NEW
passwords.

  Once you have done that, do some google searches to find out about
exploits that include starting up a service called "Appletalk". I am
fairly certain that this isn't really "Appletalk" so much as something
pretending to be Appletalk.

  When you are rebuilding your server, make sure that you build it with
security in mind. That is, create powerful passwords, do not run ANY
unnecessary services, even for that first boot. In fact, don't even
allow the network interface to come up until you can start to "harden"
the server.

  This hardening should include installing all of the security and errata
patches available through Red Hat (I assume that is your OS's vendor,
since you are on the Red Hat list.) Then, once you have that done, make
sure that you pore over all of the documents concerning security and
known exploits for the services that you are running. (If you aren't
familiar with the service enough to know that it is secure, don't run
it, or hire an outside vendor to securely build the service for you.)

  It sucks to get hacked, but there isn't much that you can do to
recover, once your system is cracked.

  Of course, if this is the actual "Appletalk" then it is part of the
boot process on a default Red Hat install. Appletalk is simply the
protocol used by Macintosh computers to talk to one another and it has
been a part of the Red Hat "rolled" kernel for a loooooong time.

  When did this message pop-up? During or Loooong after the server was
powered up?

  If you do this, do you see a process listed as Appletalk?

  Command to run...
 
  'ps -ef | grep appletalk'

  You may need to run it with a capital 'A' in 'Appletalk' as well.

  Good luck!
  Rob
 

On Fri, 2003-05-02 at 17:22, Betsy Burlingame wrote:
> Hi, Everyone.
>
> I am in a bit of a mess....and am not the most
> proficient linux user (as you will probably notice
> when reading this message).  
>
> Someone hacked into my development server and
> installed/started up appletalk.  I was actually
> sitting in front of my computer when I noticed
> it happening and it said "starting Appletalk"
> or something similar.  
>
> After Appletalk was started up, I was unable to
> shutdown correctly -- it got hung up while
> going through shutdowns.  And, it won't start
> again correctly.  When it is going through the
> boot up scripts it hangs on the part before it
> loads and checks the file system.  
>
> I cannot find any instructions on how to uninstall
> Appletalk -- or at least stop it from starting
> at startup.  From a few random messages I've found
> through google, etc... I think that it is
> conflicting with something else.  
>
> This is not the first time that this has happened --
> someone has done it to my computer several times
> recently.  But, this is the first time I saw it
> happening and can at least diagnose what caused
> everything to stop working.  
>
> Any help would be greatly appreciated.
>
> Thank you,
>
> Betsy
>
>
>
> __ ____ ____ ____ ____ ____ ____ ____ ____ ____
> enigma-list mailing list
> enigma-list@(protected)
> https://listman.redhat.com/mailman/listinfo/enigma-list
>
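
The process check suggested in the message above, as an added example that is not part of the original post: it matches the name case-insensitively against the command column only and skips the searching grep itself. The function names and the sample `ps -ef` output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.

# match_procs PATTERN
# Reads `ps -ef` style text on stdin and prints the rows whose command
# (column 8 onward) contains PATTERN, ignoring case. Rows for the grep/awk
# doing the search are skipped so the search does not match itself.
match_procs() {
    awk -v pat="$1" '
        BEGIN { pat = tolower(pat) }
        NR == 1 && $1 == "UID" { next }          # skip the ps header row
        {
            cmd = ""
            for (i = 8; i <= NF; i++) cmd = cmd (i > 8 ? " " : "") $i
            exe = $8
            sub(/.*\//, "", exe)                 # basename of the executable
            if (exe == "grep" || exe == "awk") next
            if (index(tolower(cmd), pat) > 0) print
        }'
}

# Constructed sample of `ps -ef` output (not taken from any real host).
sample_ps() {
    cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 09:14 ?        00:00:04 init
root       812     1  0 09:15 ?        00:00:00 /usr/sbin/sshd
root      1440     1  0 17:02 ?        00:00:00 Appletalk
admin     1502  1398  0 17:05 pts/0    00:00:00 grep appletalk
EOF
}

# Demo on the constructed sample; on a live system use:
#   ps -ef | match_procs appletalk
sample_ps | match_procs appletalk
```

The PID and PPID columns of any row it prints show which process started the match.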





