
I run a CentOS 5 server with a LAMP stack. I was told this morning that the server was down and not serving web content. I then tried to restart httpd, but it failed because another process was listening on port 443. I checked what process was running on 443 using netstat and it was sshd. I then checked the sshd_config file to check the ports that sshd was running on, but the sshd_config file was completely blank.

I then ran chkrootkit and it flagged no suspicions. What could have caused the sshd_config file to be blank, and the sshd service to be restarted?

I would really value your thoughts.

All the best.

Thomas
  • type "ps ax | grep sshd" to see if sshd has been forced to use an alternate config file and paste the result – m0ntassar Jun 12 '12 at 09:48
  • Thanks for getting back to me. I've repopulated the SSHD config file and it is now listening on port 22 again, so I think ps aux | grep sshd will not be much use. – Thomas Jun 12 '12 at 09:55
  • ok, but you have to seriously investigate that issue, sshd wouldn't decide to listen on 443 by itself if you see what I mean – m0ntassar Jun 12 '12 at 10:01
  • Files don't erase themselves.. something bad happened and you should find what it was – B14D3 Jun 12 '12 at 10:01
  • Yes exactly, I am investigating the issue :) that's why I'm asking you chaps for your input. Just crawling all over the logs now. – Thomas Jun 12 '12 at 10:09
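
The check suggested in the comments above, as an added example that is not part of the original thread: it scans `ps` output for an `sshd` started with an alternate config file (`-f`) or a port override (`-p`, `-o Port=`). The function names and the sample process list are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a live host, feed it real data with:
#   ps ax -o pid=,args= | flag_sshd_overrides

flag_sshd_overrides() {
    # Reads "PID ARGS..." lines on stdin; prints "PID finding" per override.
    awk '
    {
        pid = $1
        # Keep only the sshd binary itself; skip per-session children
        # ("sshd: user@pts/0") and unrelated commands such as grep.
        if ($2 !~ /(^|\/)sshd$/) next
        for (i = 3; i <= NF; i++) {
            if ($i == "-f" && i < NF)
                print pid, "alt-config=" $(i + 1)
            else if ($i ~ /^-f./)
                print pid, "alt-config=" substr($i, 3)
            else if ($i == "-p" && i < NF)
                print pid, "port=" $(i + 1)
            else if ($i ~ /^-p[0-9]+$/)
                print pid, "port=" substr($i, 3)
            else if ($i == "-o" && i < NF && tolower($(i + 1)) ~ /^port=/)
                print pid, "port-option=" $(i + 1)
        }
    }'
}

# Constructed sample of `ps ax -o pid=,args=` output (not from the thread).
sample_ps() {
    cat <<'EOF'
  2411 /usr/sbin/sshd
  2950 sshd: thomas@pts/0
  3102 /usr/sbin/sshd -f /tmp/.cfg -p 443
  3188 grep sshd
EOF
}

sample_ps | flag_sshd_overrides
```

No output means every running `sshd` is using its compiled-in default config path and whatever ports that file specifies.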

0 Answers