
Re: [cobalt-security] Possible problem?



I'm also getting 'extra' stuff on a RAQ2:

> > Although it is not 100% accurate (tell this to the customer), one can be
> > reasonably sure that the server has been hacked if any of the following
> > produces output:
> >
> >       rpm -V procps
> >       rpm -V fileutils
> >       rpm -V net-tools
> >       rpm -V util-linux
> >       ...any questions, run these on our servers.
> >
> >       NOTE: util-linux will complain about:
> >       S.5....T c /etc/pam.d/chfn
> >       S.5....T c /etc/pam.d/chsh
> >       S.5....T c /etc/pam.d/login
> >       .M...... /usr/bin/newgrp
> >       .M...... /usr/bin/write
> >       These are OK...they should not be different, but they DO NOT show

[admin admin]$ rpm -V procps
Unsatisfied dependencies for procps-1.2.2-2: libncurses.so.3.0
[admin admin]$ rpm -V fileutils
[admin admin]$ rpm -V net-tools
[admin admin]$ rpm -V util-linux
Unsatisfied dependencies for util-linux-2.8-11C3: libncurses.so.3.0
..5.....   /bin/login
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..5.....   /usr/bin/chfn
..5.....   /usr/bin/chsh
.M5.....   /usr/bin/newgrp
.M......   /usr/bin/write

-- 
William Smith    wpns@xxxxxxxxxxxxxxx    N1JBJ@xxxxxxxxx
ComputerSmiths Consulting, Inc.    www.compusmiths.com
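
The comparison the message above makes by eye, as an added example that is not part of the original post: a shell filter that drops the `rpm -V` lines the quoted note lists as expected for util-linux and names the changed attributes on whatever remains. The function names are hypothetical, the sample input is the util-linux output pasted in the message, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Deviations the quoted NOTE calls expected for util-linux: "flags path".
expected_lines() {
cat <<'EOF'
S.5....T /etc/pam.d/chfn
S.5....T /etc/pam.d/chsh
S.5....T /etc/pam.d/login
.M...... /usr/bin/newgrp
.M...... /usr/bin/write
EOF
}

# Sample input: the util-linux output pasted in the message above.
sample_output() {
cat <<'EOF'
Unsatisfied dependencies for util-linux-2.8-11C3: libncurses.so.3.0
..5.....   /bin/login
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..5.....   /usr/bin/chfn
..5.....   /usr/bin/chsh
.M5.....   /usr/bin/newgrp
.M......   /usr/bin/write
EOF
}

# Name the attributes set in an 8-character rpm -V flag field.
decode() {
    out=
    for pair in S:size M:mode 5:md5 D:device L:symlink U:owner G:group T:mtime; do
        case $1 in *"${pair%%:*}"*) out="$out${out:+,}${pair#*:}" ;; esac
    done
    printf '%s\n' "$out"
}

# Read rpm -V output on stdin; print "path flags attributes" for every file
# line whose flags/path pair is not in expected_lines.
unexpected() {
    while read -r flags rest; do
        [ "${#flags}" -eq 8 ] || continue            # not a file line
        case $flags in *[!SM5DLUGT.]*) continue ;; esac
        path=${rest#? }                              # drop a marker such as "c "
        expected_lines | grep -qxF -e "$flags $path" && continue
        printf '%s %s %s\n' "$path" "$flags" "$(decode "$flags")"
    done
}

sample_output | unexpected
```

On a live system, pipe the real command into the filter instead, for example `rpm -V util-linux | unexpected`; dependency messages are skipped because they are not file lines.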