The content looks roughly like this.
Is it getting caught by CSF? I don't know where I need to go to turn that off, though.
E-Mail Headers
1U5VPh-0007IB-Nw-H
mail 8 12
<>
1360735309 0
-ident mail
-received_protocol local
-body_linecount 78
-max_received_linelength 99
-allow_unqualified_recipient
-allow_unqualified_sender
-frozen 1360735309
-localerror
XX
1
root@xxxxxx.com
138P Received: from mail by xxxxxx.com with local (Exim 4.80.1)
id 1U5VPh-0007IB-Nw
for root@xxxxxx.com; Wed, 13 Feb 2013 13:01:49 +0700
039 X-Failed-Recipients: root@xxxxxx.com
029 Auto-Submitted: auto-replied
056F From: Mail Delivery System <Mailer-Daemon@xxxxxx.com>
022T To: root@xxxxxx.com
059 Subject: Mail delivery failed: returning message to sender
045I Message-Id: <E1U5VPh-0007IB-Nw@xxxxxx.com>
038 Date: Wed, 13 Feb 2013 13:01:49 +0700
E-Mail Body Chunk
1U5VPh-0007IB-Nw-D
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
------ This is a copy of the message, including all the headers. ------
Return-path: <root@xxxxxx.com>
Received: from root by xxxxxx.com with local (Exim 4.80.1)
(envelope-from <root@xxxxxx.com>)
id 1U5VPh-0007I5-NP
for root@xxxxxx.com; Wed, 13 Feb 2013 13:01:49 +0700
To: root@xxxxxx.com
Subject: lfd on local.host.com: Suspicious process running under user rpc
From: <root@xxxxxx.com>
Message-Id: <E1U5VPh-0007I5-NP@xxxxxx.com>
Date: Wed, 13 Feb 2013 13:01:49 +0700
Time: Wed Feb 13 13:01:49 2013 +0700
PID: 2526 (Parent PID:2526)
Account: rpc
Uptime: 80489 seconds
Executable:
/sbin/portmap
Command Line (often faked in exploits):
portmap
Network connections by the process (if any):
udp: 0.0.0.0:111 -> 0.0.0.0:0
tcp: 0.0.0.0:111 -> 0.0.0.0:0
Files open by the process (if any):
/dev/null
/dev/null
/dev/null
Memory maps by the process (if any):
2b18470e7000-2b18470f0000 r-xp 00000000 08:03 19136703 /sbin/portmap
2b18472ef000-2b18472f0000 rw-p 00008000 08:03 19136703 /sbin/portmap
2b18472f0000-2b18472f1000 rw-p 2b18472f0000 00:00 0
2b18472f1000-2b184730d000 r-xp 00000000 08:03 43712523 /lib64/ld-2.5.so
2b184730d000-2b184730f000 rw-p 2b184730d000 00:00 0
2b184750d000-2b184750e000 r--p 0001c000 08:03 43712523 /lib64/ld-2.5.so
2b184750e000-2b184750f000 rw-p 0001d000 08:03 43712523 /lib64/ld-2.5.so
2b184750f000-2b1847524000 r-xp 00000000 08:03 43712569 /lib64/libnsl-2.5.so
2b1847524000-2b1847723000 ---p 00015000 08:03 43712569 /lib64/libnsl-2.5.so
2b1847723000-2b1847724000 r--p 00014000 08:03 43712569 /lib64/libnsl-2.5.so
2b1847724000-2b1847725000 rw-p 00015000 08:03 43712569 /lib64/libnsl-2.5.so
2b1847725000-2b1847727000 rw-p 2b1847725000 00:00 0
2b1847727000-2b1847876000 r-xp 00000000 08:03 43712527 /lib64/libc-2.5.so
2b1847876000-2b1847a76000 ---p 0014f000 08:03 43712527 /lib64/libc-2.5.so
2b1847a76000-2b1847a7a000 r--p 0014f000 08:03 43712527 /lib64/libc-2.5.so
2b1847a7a000-2b1847a7b000 rw-p 00153000 08:03 43712527 /lib64/libc-2.5.so
2b1847a7b000-2b1847a82000 rw-p 2b1847a7b000 00:00 0
2b1847a82000-2b1847a8c000 r-xp 00000000 08:03 43712538 /lib64/libnss_files-2.5.so
2b1847a8c000-2b1847c8b000 ---p 0000a000 08:03 43712538 /lib64/libnss_files-2.5.so
2b1847c8b000-2b1847c8c000 r--p 00009000 08:03 43712538 /lib64/libnss_files-2.5.so
2b1847c8c000-2b1847c8d000 rw-p 0000a000 08:03 43712538 /lib64/libnss_files-2.5.so
2b1856d0d000-2b1856d2e000 rw-p 2b1856d0d000 00:00 0 [heap]
7fffe5e61000-7fffe5e76000 rw-p 7ffffffe9000 00:00 0 [stack]
7fffe5e8d000-7fffe5e90000 r-xp 7fffe5e8d000 00:00 0 [vdso]
ffffffffff600000-ffffffffffe00000 ---p 00000000 00:00 0 [vsyscall]
Log
2013-02-13 13:01:49 Received from <> R=1U5VPh-0007I5-NP U=mail P=local S=3682 T="Mail delivery failed: returning message to sender"
2013-02-13 13:01:49 root@xxxxxx.com F=<> R=virtual_aliases:
*** Frozen (delivery error message)