[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Hacked, need to verify some files
- Subject: [cobalt-security] Hacked, need to verify some files
- From: Jay Nelson <jay@xxxxxxxxxxx>
- Date: Wed, 05 Dec 2001 20:08:57 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I had a break in with a sniffer installed. No root kit.
I've cleaned up but I wanted to check a few files.
I believe my /bin/login has been spoofed but I think
that is the only file.
Can someone with a RaQ3i and all the latest updates
verify the following items match?
1) ls -al /bin/bash /bin/login /bin/ls /bin/ps /bin/su
root.root 373176 Apr 6 1999 /bin/bash
root.wheel 212244 Apr 17 1999 /bin/login
root.root 50148 Sep 8 1999 /bin/ls
root.root 60460 Apr 3 1999 /bin/ps
root.root 13208 Apr 13 1999 /bin/su
2) ls -al /usr/bin/ftp /usr/bin/passwd /usr/bin/rlogin /usr/bin/rsh
root.root 62268 Mar 21 1999 /usr/bin/ftp
root.root 10704 Apr 14 1999 /usr/bin/passwd
root.root 10516 Apr 15 1999 /usr/bin/rlogin
root.root 7780 Apr 15, 1999 /usr/bin/passwd
If you could also send me an email with the md5sum
on these same files I would appreciate it (or I can send
it to you if you wish). I will also need to get a new copy
of /bin/login from someone.
Thanks.
---------------------------------------------------
DuoMark International, Inc.
6523 Colgate Avenue, Suite 325
Los Angeles, CA 90048-4410 / USA
Voice: +1 323 381-0002
FAX: +1 323 549 0172
Email: jay@xxxxxxxxxxx
WWW: http://www.duomark.com/