[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Possible problem?
- Subject: Re: [cobalt-security] Possible problem?
- From: Dan Keller <dan@xxxxxxxxxx>
- Date: Wed, 18 Apr 2001 10:29:39 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I'm running a RaQ2, and I've installed all
the updates.
Should the commands behave the same
(i.e. yield no output from these rpm commands)
on all Cobalt machines?
I'm getting the following output:
# rpm -V procps
Unsatisfied dependencies for procps-1.2.2-2: libncurses.so.3.0
#
Yeow!!! Does this mean I've been hacked???
Thank you so much,
Dan Keller
dan@xxxxxxxxxx
http://www.keller.com/
+1 415 861-4500 (voice)
+1 415 861-4593 (fax)
At 12:37 PM 4/18/01 -0400, you wrote:
>>Although it is not 100% accurate (tell this to the customer), one can be
>>resonably sure that the
>>server has been hacked if any of the following produces output:
>>
>> rpm -V procps
>> rpm -V fileutils
>> rpm -V net-tools
>> rpm -V util-linux
>> ...any questions, run these on our servers.
>>
>> NOTE: util-linux will complain about:
>> S.5....T c /etc/pam.d/chfn
>> S.5....T c /etc/pam.d/chsh
>> S.5....T c /etc/pam.d/login
>> .M...... /usr/bin/newgrp
>> .M...... /usr/bin/write
>> These are OK...they should not be different, but they DO NOT show that
>>you've been hacked.