Search found 3 matches
- Fri May 11, 2018 4:33 pm
- Forum: Nagios XI
- Topic: Nagios server compromised
- Replies: 8
- Views: 2120
Re: Nagios server compromised
It looks like I'm able to delete that file with changing attribute & booting in single user mode. chattr -R -i /var/tmp/.VMX rm -rf /var/tmp/.VMX Now running ./comp_detect.sh : ./comp_detect.sh This script detects whether your Nagios XI system has been compromised by an as-yet-unnamed exploit we...
- Fri May 11, 2018 3:26 pm
- Forum: Nagios XI
- Topic: Nagios server compromised
- Replies: 8
- Views: 2120
Re: Nagios server compromised
I ran vuln_patch.sh and all went OK. Then ran comp_detec.sh and be is output I get : ./comp_detect.sh This script detects whether your Nagios XI system has been compromised by an as-yet-unnamed exploit we detected on a customer system. If it has been, please make sure to clean the affected system an...
- Wed May 09, 2018 4:54 pm
- Forum: Nagios XI
- Topic: Nagios server compromised
- Replies: 8
- Views: 2120
Nagios server compromised
Hi, We noticed CPU usage going very and then noticed process ".resyslogd" was the culprit. The location of this file is under below path : /var/tmp/.VMX/.resyslogd Should I consider as system compromised ? I have no clue about ".resyslogd" . Note - it is not rsyslog. Because &quo...