Process status USER PID %CPU %MEM SIZE RSS TTY STAT START TIME COMMAND bin 60 0.0 0.6 844 208 ? S Aug 1 0:00 /usr/sbin/rpc.portmap nobody 12505 0.0 1.3 860 412 ? S 12:35 0:00 ./getstatd nobody 12545 0.0 1.4 876 436 ? S 12:37 0:00 ./getstatd nobody 12548 0.0 1.2 884 372 ? R 12:37 0:00 /bin/ps auxwww nobody 31659 0.0 0.9 852 284 ? S Aug 7 0:06 /usr/sbin/in.tproxyd -s 81 -r nobody 195.161.47.66 3128 qmaill 80 0.0 0.7 848 224 ? S Aug 1 0:03 splogger qmail qmailq 83 0.0 0.3 840 116 ? S Aug 1 0:01 qmail-clean qmailr 82 0.0 0.4 844 128 ? S Aug 1 0:00 qmail-rspawn qmails 78 0.0 0.6 888 216 ? S Aug 1 0:09 qmail-send root 1 0.0 0.9 848 296 ? S Aug 1 0:21 init [3] root 2 0.0 0.0 0 0 ? SW Aug 1 0:00 (kflushd) root 3 0.0 0.0 0 0 ? SW<Aug 1 0:00 (kswapd) root 4 0.0 0.0 0 0 ? SW Aug 1 0:00 (nfsiod) root 5 0.0 0.0 0 0 ? SW Aug 1 0:00 (nfsiod) root 6 0.0 0.0 0 0 ? SW Aug 1 0:00 (nfsiod) root 7 0.0 0.0 0 0 ? SW Aug 1 0:00 (nfsiod) root 13 0.0 0.5 824 176 ? S Aug 1 0:04 /sbin/update root 14 0.0 0.7 836 228 ? S Aug 1 0:00 /sbin/kerneld root 57 0.0 1.0 980 320 ? S Aug 1 0:00 /usr/sbin/klogd root 58 0.0 1.2 984 376 ? S Aug 1 9:13 /usr/sbin/syslogd root 62 0.0 0.8 844 272 ? S Aug 1 0:03 /usr/sbin/inetd root 64 0.0 3.2 1912 1016 ? S Aug 1 0:01 /usr/sbin/named root 66 0.0 0.6 864 216 ? S Aug 1 0:00 (lpd) root 69 0.0 0.9 884 288 ? S Aug 1 0:00 /usr/sbin/rpc.mountd root 71 0.0 1.3 996 416 ? S Aug 1 4:59 /usr/sbin/rpc.nfsd root 73 0.0 0.8 844 272 ? S Aug 1 0:02 /usr/sbin/crond -l10 root 81 0.0 0.5 844 156 ? S Aug 1 0:03 qmail-lspawn ./Mailbox root 94 0.0 1.5 1272 476 ? S Aug 1 0:00 /usr/local/samba/bin/smbd -D root 96 0.0 1.5 1120 488 ? S Aug 1 0:00 /usr/local/samba/bin/nmbd -D root 98 0.0 1.4 1036 444 ? S Aug 1 2:48 /usr/sbin/nacctd root 100 0.5 2.9 1540 900 ? S Aug 1 199:46 /etc/timeoutd root 111 0.0 0.5 840 184 3 S Aug 1 0:00 (agetty) root 112 0.0 0.5 840 184 4 S Aug 1 0:00 (agetty) root 113 0.0 0.5 840 184 5 S Aug 1 0:00 (agetty) root 114 0.0 0.5 840 164 6 S Aug 1 0:00 (agetty) root 118 0.0 23.3 9304 7224 10 S Aug 1 0:02 /sbin/serialmon /dev/ttyS1 /var/log/modemlog1 root 119 0.0 17.6 7060 5452 11 S Aug 1 0:02 /sbin/serialmon /dev/ttyS2 /var/log/modemlog2 root 120 0.0 16.9 6840 5248 12 S Aug 1 0:01 /sbin/serialmon /dev/ttyS3 /var/log/modemlog3 root 5310 0.0 2.0 1168 620 1 S Aug 21 0:00 -bash root 6032 0.0 1.3 896 412 ? S 10:24 0:00 /usr/local/sbin/mgetty ttyS1 vt100 root 10794 0.0 1.9 940 616 S2 S 11:49 0:00 modem auth -chap +pap login -detach 195.161.47.99:195.161.47.121 root 10972 0.0 1.9 1168 616 1 S 16:03 0:00 -bash root 10973 0.0 4.0 1884 1264 1 S 16:03 0:03 mc_ -m root 10974 0.0 0.2 104 72 ? S 16:03 0:00 cons.saver /dev/tty1 root 10975 0.0 1.9 1176 608 p1 S 16:03 0:00 bash -rcfile .bashrc root 11143 0.0 1.3 896 416 ? S 12:02 0:00 /usr/local/sbin/mgetty ttyS3 vt100 root 12382 0.0 0.8 844 252 ? S 12:33 0:00 in.identd -w -t120 -l root 19172 0.0 0.7 840 224 2 S Aug 17 0:00 /sbin/agetty 38400 tty2 linux	gs_mon [FREE DISK SPACE STATUS] ALERT hda3 "/" (size:73219 < 135000) OK hda2 "/tmp" (free:125310) OK hda6 "/http" (free:387886) OK hda7 "/usr/local" (free:682588) [MAXIMUM FILE SIZE STATUS] OK /etc (size:633) ALERT /var/log (size:24719 > 5000) OK /usr/local/bin (size:28913) OK /var/log/syslog (size:39) [PROCESS STATUS] OK httpd* 9 (mem:1520,cpu:0.0) ALERT in.tproxyd (process not found) ALERT squid* 1 (mem:50132,cpu:0.1) OK syslogd* 1 (mem:860,cpu:0.0) [NET SERVICE ACTIVITY] OK www.opennet.ru:80 OK www.skyway.ru:80 OK www.linux.opennet.ru:80 OK www.tyumen.ru:80 OK ftp.opennet.ru:21 OK boa.opennet.ru:25 OK boa.opennet.ru:110 ALERT www.opennet.ru:23 (timeout) [NAME SERVER STATUS] OK 195.161.17.65:www.opennet.ru OK ns.tyumen.ru:boa.opennet.ru OK ns.sibtel.ru:pentagon.opennet.ru OK www.opennet.ru:pentagon.opennet.ru ALERT ns.tyumens.ru:boa.opennets.ru (NS not respond) ALERT ns.sibtel.ru:pentagon.opennets.ru (can't find the host) ALERT www.opennets.ru:pentagon.opennet.ru (NS not respond) [NETWORK ECHO REQUEST STATUS] OK boa.opennet.ru OK www.tyumen.ru OK 127.0.0.1 [NETWORK INTERFACE STATUS] ALERT cx0: (DOWN) OK lo: (UP) OK eth0: (UP) OK eth0:0 (UP) OK eth0:1 (UP) OK eth0:2 (UP) OK eth0:3 (UP) [ROUTING STATUS] OK 195.161.17.64 (UP) OK 195.161.17.65 (UP) OK 0.0.0.0 (UP) [CHECK FOR SUID PROGRAM] /bin: /bin/su /bin/mount /bin/umount /bin/ping Num: 4 Sum. size:95836 b /sbin Num: 0 Sum. size:58197 b /usr/bin Num: 25 Sum. size:871828 b /usr/sbin Num: 1 Sum. size:81972 b ALL: Num:30 Sum. size:1107833 b [X FILES] OK (/bin/ping) OK (/bin/su) OK (/bin/login) OK (/usr/bin/passwd) OK (/usr/bin/traceroute) OK (/usr/bin/sudo) OK (/usr/sbin/sendmail) OK (/usr/bin/procmail) OK (/usr/sbin/pppd) [WARNINGS IN LOG FILES] /var/log/syslog--------------------------- Sep 25 12:52:36 periscope kernel: Checking 386/387 coupling... Ok, fpu using exception 16 error reporting. Sep 25 12:52:36 periscope kernel: Linux version 2.0.35 (root@periscope) (gcc version 2.7.2.3) #9 Fri Jul 24 16:24:08 YEKST 1998 Sep 25 12:52:36 periscope kernel: hdd: IRQ probe failed (0) Sep 25 12:52:36 periscope kernel: hdd: IRQ probe failed (0) Sep 25 12:52:36 periscope kernel: VFS: Mounted root (ext2 filesystem) readonly. Sep 25 12:53:32 periscope login[110]: invalid password for `root' on `tty1' Sep 25 20:42:14 periscope wu.ftpd[23498]: refused connect from 195.14.43.67 Sep 25 20:42:36 periscope wu.ftpd[23507]: refused connect from 195.14.43.67 Oct 7 17:13:12 periscope getstatd[16001]: Can't bind. Must be root. Oct 7 17:23:23 periscope getstatd[16139]: Can't bind. Must be root. Oct 10 04:27:11 periscope login[21340]: invalid password for `root' on `ttyp5' from `dialup-28201.dialup.ptt.ru' Oct 12 14:49:52 periscope login[24000]: invalid password for `root' on `tty3'
Net status PING localhost (127.0.0.1): 56 data bytes 64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.5 ms --- localhost ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.5/0.5/0.5 ms Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 195.161.49.97 0.0.0.0 255.255.255.255 UH 1500 0 0 eth0 192.168.1.1 0.0.0.0 255.255.255.255 UH 1500 0 0 eth0:0 195.161.49.121 0.0.0.0 255.255.255.255 UH 1500 0 0 ppp2 195.161.49.96 0.0.0.0 255.255.255.224 U 1500 0 0 eth0 127.0.0.0 0.0.0.0 255.0.0.0 U 3584 0 0 lo 0.0.0.0 195.161.49.97 0.0.0.0 UG 1500 0 0 eth0
Current tcp connections Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 382 0 boa:1080 periscope.opennet:28799 TIME_WAIT tcp 1 0 boa:1080 periscope.opennet:28802 TIME_WAIT tcp 106 255 boa:1080 periscope.opennet:28869 ESTABLISHED tcp 49 0 boa:21545 boa:pop3 CLOSE tcp 1 0 boa:pop3 boa:21545 TIME_WAIT tcp 1 0 boa:auth boa:21546 TIME_WAIT