yum update problem / do i have a security problem?

Discussion in 'Server Operation' started by hfr, Feb 2, 2012.

  1. hfr

    hfr Member


    today I had a strange problem updating my centos 5.7 64-bit. The Server is used for webhosting via ispconfig 3 (-> perfect server guide)

    I looked at /usr/sbin/sshd ...

    ... and tried to change group, which did not work:

    (translation: operation is not permitted)

    After a bit of searching I found a +i-Flag in ext-attributes:

    [[email protected] ~]# lsattr /usr/sbin/sshd
    ----i-------- /usr/sbin/sshd
    After disabling that, everything worked fine again
    Now I am wondering who/what set this Flag in ext3-Attributes and who changed group of sshd to apache. May my server has been attacked successfully? I checked processes, open ports and chkrootkit but found nothing.

    Does anybody has an idea which can caused these oddities?

    Best Regards
  2. falko

    falko Super Moderator ISPConfig Developer

    Did you run rkhunter?

Share This Page