[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Have you been hacked?

Subject: [cobalt-security] Have you been hacked?
From: Webdev <wserv_discuss@xxxxxxxxx>
Date: Thu, 11 Jul 2002 16:25:57 -0700 (PDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi.

I got this from my provider security list:

------------------------------------------------------
Have you been hacked?


To determine if your server has been compromised,
using recent BIND exploits or any other security hole,
check the following command at the command prompt...

rpm -Vf /bin/login /usr/sbin/tcpd | grep bin

If you get any result - your server has most likely
been compromised.
------------------------------------------------------

I tried the above command on IBM Linux and showed no
output GREAT..

BUT with the RaQ4 server it showed the below output:

..?.....   /usr/bin/chfn
..?.....   /usr/bin/chsh
.M?.....   /usr/bin/newgrp
.M......   /usr/bin/write

anyone knows why?? and what these outputs means!

Thanks
wserv_discuss@xxxxxxxxx


__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com

Follow-Ups:
- Re: [cobalt-security] Have you been hacked?
  - From: Glen Scott
- Re: [cobalt-security] Have you been hacked?
  - From: Daniel Phillips
- Re: [cobalt-security] Have you been hacked?
  - From: gerald waugh

References:
- Re: [cobalt-security] Apache Patche - Apache Version Number Does Not Change
  - From: Steve Werby

Prev by Date: Re: [cobalt-security] Apache Patche - Apache Version Number Does Not Change
Next by Date: [cobalt-security] Open port 1 & 6 question
Previous by thread: Re: [cobalt-security] Apache Patche - Apache Version Number Does Not Change
Next by thread: Re: [cobalt-security] Have you been hacked?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index