On Thu, 10 Mar 2005, Rod Walker wrote:
> I've added Protvino to the whitelist. I'm nervous because my test jobs
> still fail, even though the atlas ones are apparently ok. Please could you
> check the atlas013 account is ok. Error below (complete with obscenities).
In my humble opinion, from a few trivial observations I have made, the
computing element in Protvino seems hacked to me (or at least very badly
misconfigured :) ).
Two random hits:
$ globus-job-run ce001.m45.ihep.su:2119/jobmanager-fork /bin/cat /etc/issue
Fucken cern/edg/lcg/lcfg LAMERS MUST DIE!!!
\r (\m)
$ globus-job-run ce001.m45.ihep.su:2119/jobmanager-fork /bin/ls -l /usr/bin/ssh
-r-s--x--x 1 root root 273832 Sep 17 2003 /usr/bin/ssh
The first one doesn't need comment, I think. The second one is quite
suspicious - there is no reason for the ssh client to be setuid root. Also,
having just execute permission and not read permission is quite unusual
(together with setuid root this means that the user is able to run the binary,
but not to see its content). The filesize of this binary is different
from both stock openssh clients provided in standard RH 7.3 and SLC303.
I bet that any further 'investigation' would reveal more traces of a hack
break-in.
Or are these just traces of the ce001.m45.ihep.su sysadmin's sense of humor?
:)
--
Jiri Kosina
Institute of Physics, Academy of sciences of the Czech Republic
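
The three checks described in the message above (setuid root, execute-only permissions, size differing from the stock package), as an added example that is not part of the original message. The function name `audit_ls_line` and the baseline size 200000 are assumptions for illustration; the message does not state the stock sizes.

```sh
#!/bin/sh
# Added example, not from the original message. Triage one `ls -l` line
# (for instance one returned by a remote job) for the anomalies discussed.
# Usage: audit_ls_line "LS_LINE" [BASELINE_SIZE]
# Prints findings as space-separated tokens.
# Exit status: 0 = clean, 1 = flagged, 2 = line could not be parsed.
audit_ls_line() (
    line=$1
    baseline=${2:-}
    set -f          # no filename expansion while splitting the line
    set -- $line    # fields: mode links owner group size date... path
    [ "$#" -ge 6 ] || exit 2
    mode=$1 owner=$3 size=$5
    # Mode must be a file-type character followed by nine permission characters.
    case $mode in [-dlbcps]?????????*) ;; *) exit 2 ;; esac
    findings=
    # Setuid shows as s (or S when user-execute is absent) in column 4.
    case $mode in
        ???[sS]*)
            if [ "$owner" = root ]; then findings="$findings SETUID_ROOT"; fi ;;
    esac
    # Others may execute but not read: an unprivileged user cannot
    # checksum or inspect the binary, only run it.
    case $mode in
        ???????-?[xt]*) findings="$findings EXEC_ONLY" ;;
    esac
    # Size check against a known-good value taken from the vendor package.
    if [ -n "$baseline" ] && [ "$size" != "$baseline" ]; then
        findings="$findings SIZE_MISMATCH"
    fi
    if [ -z "$findings" ]; then exit 0; fi
    echo "${findings# }"
    exit 1
)

# The ls -l line quoted in the message; BASELINE_SIZE is a constructed placeholder.
SAMPLE_LINE='-r-s--x--x 1 root root 273832 Sep 17 2003 /usr/bin/ssh'
BASELINE_SIZE=200000
audit_ls_line "$SAMPLE_LINE" "$BASELINE_SIZE" || echo "exit status: $?"
```

On a host where you have a trusted shell, the package manager's own verification against its database is the stronger check; this line-based triage fits the situation in the message, where only `ls -l` output from a remote job is available.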