viljoens at verishare.... Guest
Posted: Fri Jan 09, 2015 2:31 am Post subject: [asterisk-users] Asterisk executable suddenly about 40KB lar
Quote:
| I would also start by putting an audit rule on the binary. Something like
| this:
|
| auditctl -w /usr/sbin/asterisk -p war -k asterisk-bin
|
| then you can get a report on who modified it and when by using:
|
| ausearch -f /usr/sbin/asterisk
|
| It's a start, but eventually you might need to monitor even keystrokes with
| pam_tty_audit.so to understand who is doing this:
|
| http://poorlydocumented.com/2014/05/enabling-pam_tty_audit-on-rhel-centos-or-scientific-linux/

Thanks, I'll keep that in mind.

Just to report back, stopping pre-linking as detailed yesterday and setting
immutable with chattr on the Asterisk executable on the Head Office box here
appears to have solved the problem. The box did not crash this morning as it
did the previous two days and is working fine... strange, but good.

Previous to the problem starting on Tuesday, the box had been running fine
for about three years 24/7 - so I might still have some kind of compromise
going on.

Anyway, thanks for the assistance everyone.

Regards
Stefan
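
An added example, not part of the original thread: a shell function that reduces the raw records generated by the quoted audit rule (key `asterisk-bin`) to one line per event, showing the login uid and the executable that touched the binary. The sample records are constructed, and `sample_audit_log` and `who_touched` are hypothetical names.

```sh
#!/bin/sh
# Added example. The records below are constructed, not taken from the
# poster's box. On a live system the same input comes from:
#   ausearch -k asterisk-bin --raw

sample_audit_log() {
cat <<'EOF'
type=SYSCALL msg=audit(1420770601.512:8841): arch=c000003e syscall=82 success=yes exit=0 ppid=2210 pid=2215 auid=0 uid=0 gid=0 tty=(none) ses=112 comm="prelink" exe="/usr/sbin/prelink" key="asterisk-bin"
type=PATH msg=audit(1420770601.512:8841): item=0 name="/usr/sbin/asterisk" inode=393442 dev=fd:00 mode=0100755 ouid=0 ogid=0
type=SYSCALL msg=audit(1420774212.090:9017): arch=c000003e syscall=2 success=yes exit=3 ppid=3051 pid=3077 auid=1000 uid=0 gid=0 tty=pts0 ses=115 comm="install" exe="/usr/bin/install" key="asterisk-bin"
type=SYSCALL msg=audit(1420774300.400:9020): arch=c000003e syscall=2 success=yes exit=3 ppid=1 pid=4000 auid=4294967295 uid=0 gid=0 tty=(none) ses=4294967295 comm="sshd" exe="/usr/sbin/sshd" key="other-rule"
EOF
}

# Print "epoch auid uid exe" for every SYSCALL record carrying the given key.
# auid is the login uid: it is preserved across su/sudo, so it names the
# account that originally logged in, while uid is the effective owner of
# the process at the time of the call.
who_touched() {
    awk -v want="$1" '
        $1 == "type=SYSCALL" {
            split("", f)                      # reset the field map
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq == 0) continue
                f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
            }
            k = f["key"]; gsub(/"/, "", k)
            if (k != want) next               # record belongs to another rule
            ts = f["msg"]                     # audit(EPOCH.millis:serial):
            sub(/^audit\(/, "", ts); sub(/\..*$/, "", ts)
            exe = f["exe"]; gsub(/"/, "", exe)
            print ts, f["auid"], f["uid"], exe
        }'
}

sample_audit_log | who_touched asterisk-bin
```

An `exe` that is a maintenance tool with no interactive `tty` points at a scheduled job, while an `auid` belonging to a person points at a login session worth following up on.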