Subject: Re: telnet breakings?
To: None <bwildasi@csulb.edu>
From: Henry B. Hotz <hotz@jpl.nasa.gov>
List: port-mac68k
Date: 08/17/1998 14:36:50
At the risk of sounding paranoid I think you should strip down and
reinstall from scratch to avoid possible back doors or trojan horses that
may have been planted on your machine.  It might be useful to let your
campus security folks look over your machine first for possible evidence.
At a minimum you might look for .rhosts files in / and in user's home
directories.

At 6:25 AM -0700 8/17/98, Brian Wildasinn wrote:
>I've been having people telnet into my box while I have a live-connection
>to my

>Is there a fix for these intrusions?

Absolutely!  Aside from the obvious necessity of having passwords on all
accounts tcp_wrappers is installed by default.  Just create the appropriate
/etc/hosts.allow and /etc/hosts.deny files and you should be fairly safe.
Also go through /etc/inetd.conf and disable stuff you don't need/use.  (Note
that there are daemons like sendmail that don't go through inetd and so may
ignore the hosts.* files.)

Hint:  put "ALL : ALL" in hosts.deny, and only put what you need in
hosts.allow.

>I wasn't able to see the connection in ps -aux or netstat -r or -a, but like
>the rest of the console messages on this netbsd-1.3.2 upgraded system, they
>scroll up from the bottom of the terminal and also appear in each open xterm
>and application.

This is only true if you are logged in as root.  Don't do that except for
maintenance, and don't *ever* do that over the net except via ssh or with
kerberized telnet.  JPL security reports that currently the biggest source
of breakins now are due to "sniffed" passwords to legitimate accounts.

>I used to have bwildasi add to the group "wheel" file, but decided to take
>it out since ftp and telnet seemed to be able to sign in with that since I
>left

This indicates a serious configuration problem.  All the tools you mention
should have execute permission for the world by default.  If for some
reason a program you build doesn't get set properly you can do a chmod
ugo+x <prog> to allow anyone to execute it.

As I said above just use root for software installation.  I do all builds
as myself and only su for the final make install step.

If you have specific rootly tools that users need frequently then look into
a program called sudo.  It lets you grant specific users specific
powers---e.g. mounting/unmounting a cdrom.

>I'm reading up on my partially installed apache server to see if that is the
>problem. It installed all its files, but still needs to have ServerName set
>which I'm trying to do now by reading the htdocs/manual it installed.

As long as you pay attention to what you allow, Apache isn't too bad.  I
thought ServerName defaulted to the machine name.  There are other, better
places to ask Apache questions, but we can help if it's something basic.

Signature failed Preliminary Design Review.
Feasibility of a new signature is currently being evaluated.
h.b.hotz@jpl.nasa.gov, or hbhotz@oxy.edu
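The hosts.allow/hosts.deny advice in the reply above rests on the order in which tcp_wrappers consults the two files: a match in hosts.allow grants access first, then a match in hosts.deny refuses it, and a (daemon, client) pair that matches neither file is let in. The following is an added example, not code from the message or from tcp_wrappers itself: a small Python model of that decision rule, run over a constructed hosts.allow/hosts.deny pair written the way the reply suggests ("ALL : ALL" in hosts.deny, only the needed services in hosts.allow). It covers only the common pattern forms from hosts_access(5) (ALL, LOCAL, daemon names, ".domain" suffixes, "a.b.c." address prefixes); the EXCEPT operator and shell-command option fields are left out, and the addresses and host names are documentation placeholders.

```python
"""
Simplified model of the tcp_wrappers access decision (hosts_access(5)).

Order of evaluation, as the real library does it:
  1. (daemon, client) matches an entry in hosts.allow  -> access granted
  2. else it matches an entry in hosts.deny            -> access denied
  3. else                                              -> access granted

Step 3 is why the reply recommends "ALL : ALL" in hosts.deny: with an
empty hosts.deny, anything not explicitly denied gets in.
Assumption: only ALL, LOCAL, exact names, ".domain" suffixes and
"a.b.c." address prefixes are modelled; EXCEPT and option fields are not.
"""


def parse_rules(text):
    """Parse a hosts.allow / hosts.deny file into (daemon_list, client_list) rules."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            raise ValueError(f"malformed access rule: {raw!r}")
        rules.append((fields[0].split(), fields[1].split()))
    return rules


def match_daemon(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def match_client(pattern, host, addr):
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                 # any host name without a dot
        return "." not in host
    if pattern.startswith("."):            # domain suffix, e.g. .campus.example
        return host.endswith(pattern)
    if pattern.endswith("."):              # address prefix, e.g. 192.0.2.
        return addr.startswith(pattern)
    return pattern == host or pattern == addr


def rules_match(rules, daemon, host, addr):
    """True if any rule has both a matching daemon and a matching client."""
    return any(
        any(match_daemon(d, daemon) for d in daemons)
        and any(match_client(c, host, addr) for c in clients)
        for daemons, clients in rules
    )


def hosts_access(allow_text, deny_text, daemon, host, addr):
    """Return True if the connection would be accepted, False if refused."""
    if rules_match(parse_rules(allow_text), daemon, host, addr):
        return True
    if rules_match(parse_rules(deny_text), daemon, host, addr):
        return False
    return True


# Constructed sample configuration (placeholder addresses from 192.0.2.0/24).
HOSTS_DENY = "ALL : ALL\n"
HOSTS_ALLOW = """\
# interactive logins only from the campus block and the machine itself
telnetd ftpd : 192.0.2. LOCAL
# sshd may be reached from anywhere
sshd : ALL
"""


def demo():
    """Evaluate a few constructed connection attempts against the sample files."""
    cases = [
        ("telnetd", "lab1", "192.0.2.10"),                # campus host -> allowed
        ("telnetd", "host.example.net", "203.0.113.7"),   # outside -> denied
        ("sshd", "host.example.net", "203.0.113.7"),      # sshd open -> allowed
        ("fingerd", "lab1", "192.0.2.10"),                # not listed -> denied
    ]
    return [
        (daemon, host, hosts_access(HOSTS_ALLOW, HOSTS_DENY, daemon, host, addr))
        for daemon, host, addr in cases
    ]


if __name__ == "__main__":
    for daemon, host, ok in demo():
        print(f"{daemon:8} from {host:20} -> {'allow' if ok else 'deny'}")
    # Same allow file but an empty hosts.deny: the outside telnet gets in.
    print("empty hosts.deny, outside telnetd ->",
          hosts_access(HOSTS_ALLOW, "", "telnetd", "host.example.net", "203.0.113.7"))
```

The last line of the demo is the point of the reply's hint: the whitelist in hosts.allow only restricts anything if hosts.deny closes the door on everything else. The model also makes the other caveat from the message visible: the decision is made per daemon name as passed by inetd, so a service that does not go through inetd (the reply names sendmail) is never consulted against these files at all.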