RE: [cobalt-security] Have I been hacked?
- Subject: RE: [cobalt-security] Have I been hacked?
- From: "Simon Wilson" <simon@xxxxxxxxxxxxx>
- Date: Mon, 7 Jan 2002 15:30:27 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
We already run chkrootkit on a daily basis using cron (your advice I believe) and it is reporting nothing unusual.

I ran a netstat on the machine, nothing unusual. I can't run a portscan from outside because I only have a Windows machine to connect from and I don't know how to do that... yet (I'll try to find something).

The restart I mentioned shows up as this in logcheck...

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Jan 5 04:04:14 ns1 syslogd 1.3-3: restart.
Jan 5 04:05:03 ns1 syslogd 1.3-3: restart.
Jan 5 04:06:41 ns1 named[376]: Cleaned cache of 4 RRsets

I can't tell you whether it is a server reboot or just a restart of the logging facility because I don't know what this means!!! I just mentioned it because for it to appear twice is unusual.

I hope this answers some of your questions, and thank you for your help so far; it is very much appreciated.

Simon
Full tripwire report.
Rule Summary:
===============================================================================
-------------------------------------------------------------------------------
Section: Unix File System
-------------------------------------------------------------------------------
Rule Name                                     Severity Level  Added  Removed  Modified
---------                                     --------------  -----  -------  --------
  Invariant Directories                       66              0      0        0
  Temporary directories                       33              0      0        0
  Tripwire Data Files                         100             0      0        0
  Critical devices                            100             0      0        0
  User binaries                               66              0      0        0
  Tripwire Binaries                           100             0      0        0
* Libraries                                   66              0      0        1
* File System and Disk Administraton Programs 100             0      0        34
* Kernel Administration Programs              100             0      0        9
* Networking Programs                         100             0      0        14
* System Administration Programs              100             0      0        16
* Hardware and Device Control Programs        100             0      0        3
* System Information Programs                 100             0      0        2
* Application Information Programs            100             0      0        2
  Critical Utility Sym-Links                  100             0      0        0
* Critical configuration files                100             0      1        4
  OS executables and libraries                100             0      0        0
  System boot changes                         100             0      0        0
* Security Control                            100             0      0        7
  Login Scripts                               100             0      0        0
* Operating System Utilities                  100             0      0        41
  Shell Binaries                              100             0      0        0
* Critical system boot files (/boot)          100             0      0        5
* Root config files                           100             0      0        5

Total objects scanned: 7233
Total violations found: 144
===============================================================================
Object Summary:
===============================================================================
-------------------------------------------------------------------------------
# Section: Unix File System
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Rule Name: Libraries (/usr/lib)
Severity Level: 66
-------------------------------------------------------------------------------
Modified:
"/usr/lib/perl5/man/whatis"
-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/badblocks"
"/sbin/e2fsck"
"/sbin/debugfs"
"/sbin/dumpe2fs"
"/sbin/e2label"
"/sbin/fdisk"
"/sbin/fsck"
"/sbin/fsck.ext2"
"/sbin/hdparm"
"/sbin/mke2fs"
"/sbin/mkfs"
"/sbin/mkfs.ext2"
"/sbin/mkpv"
"/sbin/mkraid"
"/sbin/mkswap"
"/sbin/quotacheck"
"/sbin/quotaon"
"/sbin/raidstart"
"/sbin/sfdisk"
"/sbin/tune2fs"
"/sbin/update"
-------------------------------------------------------------------------------
Rule Name: Kernel Administration Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/depmod"
"/sbin/ctrlaltdel"
"/sbin/insmod"
"/sbin/insmod.static"
"/sbin/insmod_ksymoops_clean"
"/sbin/klogd"
"/sbin/ldconfig"
"/sbin/modinfo"
"/sbin/sysctl"
-------------------------------------------------------------------------------
Rule Name: Networking Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/arp"
"/sbin/dhcpcd"
"/sbin/getty"
"/sbin/ifconfig"
"/sbin/ipmaddr"
"/sbin/iptunnel"
"/sbin/netreport"
"/sbin/plipconfig"
"/sbin/portmap"
"/sbin/rarp"
"/sbin/route"
"/sbin/slattach"
"/sbin/uugetty"
-------------------------------------------------------------------------------
Rule Name: System Administration Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/chkconfig"
"/sbin/fuser"
"/sbin/halt"
"/sbin/init"
"/sbin/killall5"
"/sbin/pwdb_chkpwd"
"/sbin/rpc.lockd"
"/sbin/rpc.statd"
"/sbin/rpcdebug"
"/sbin/shutdown"
"/sbin/sulogin"
"/sbin/swapon"
"/sbin/syslogd"
"/sbin/unix_chkpwd"
-------------------------------------------------------------------------------
Rule Name: Hardware and Device Control Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/hwclock"
"/sbin/kbdrate"
"/sbin/losetup"
-------------------------------------------------------------------------------
Rule Name: System Information Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/kernelversion"
"/sbin/runlevel"
-------------------------------------------------------------------------------
Rule Name: Application Information Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/sbin/genksyms"
"/sbin/sln"
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/group)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/etc/group"
-------------------------------------------------------------------------------
Rule Name: Security Control (/etc/security)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/etc/security/access.conf"
"/etc/security/console.perms"
"/etc/security/group.conf"
"/etc/security/limits.conf"
"/etc/security/pam_env.conf"
"/etc/security/time.conf"
-------------------------------------------------------------------------------
Rule Name: Critical configuration files
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/etc/hosts.allow"
"/etc/hosts.deny"
-------------------------------------------------------------------------------
Rule Name: File System and Disk Administraton Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/bin/mount"
"/bin/umount"
"/bin/touch"
"/bin/mkdir"
"/bin/mknod"
"/bin/mktemp"
"/bin/rm"
"/bin/rmdir"
"/bin/chgrp"
"/bin/chmod"
"/bin/chown"
"/bin/cp"
"/bin/cpio"
-------------------------------------------------------------------------------
Rule Name: Networking Programs (/bin/ping)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/bin/ping"
-------------------------------------------------------------------------------
Rule Name: System Administration Programs
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/bin/pwd"
"/bin/uname"
-------------------------------------------------------------------------------
Rule Name: Operating System Utilities
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/bin/cat"
"/bin/date"
"/bin/dd"
"/bin/df"
"/bin/echo"
"/bin/egrep"
"/bin/false"
"/bin/fgrep"
"/bin/gawk"
"/bin/gawk-3.0.4"
"/bin/grep"
"/bin/true"
"/bin/arch"
"/bin/basename"
"/bin/dmesg"
"/bin/doexec"
"/bin/gunzip"
"/bin/gzip"
"/bin/hostname"
"/bin/igawk"
"/bin/kill"
"/bin/ln"
"/bin/login"
"/bin/ls"
"/bin/mail"
"/bin/more"
"/bin/mv"
"/bin/netstat"
"/bin/nice"
"/bin/ps"
"/bin/rpm"
"/bin/sed"
-------------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/sleep)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/sleep"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/sort)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/sort"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/stty)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/stty"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/su)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/su"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/sync)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/sync"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/tar)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/tar"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/usleep)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/usleep"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/vi)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/vi"
----------------------------------------------------------------------------
---
Rule Name: Operating System Utilities (/bin/zcat)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/bin/zcat"
----------------------------------------------------------------------------
---
Rule Name: Critical system boot files (/boot)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/boot/System-2.2.16C28_III.map"
"/boot/System.map.pkgsave"
"/boot/vmlinux-2.2.16C28_III.bz2"
"/boot/vmlinux-2.2.16C28_III.gz"
"/boot/vmlinux.pkgsave"
----------------------------------------------------------------------------
---
Rule Name: Root config files (/root)
Severity Level: 100
----------------------------------------------------------------------------
---
Modified:
"/root/.mysql_history"
"/root/.pine-debug1"
"/root/.pine-debug2"
"/root/.pine-debug3"
"/root/.profile"