[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Have you been hacked?
- Subject: [cobalt-security] Have you been hacked?
- From: Webdev <wserv_discuss@xxxxxxxxx>
- Date: Thu, 11 Jul 2002 16:25:57 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi.
I got this from my provider security list:
------------------------------------------------------
Have you been hacked?
To determine if your server has been compromised,
using recent BIND exploits or any other security hole,
check the following command at the command prompt...
rpm -Vf /bin/login /usr/sbin/tcpd | grep bin
If you get any result - your server has most likely
been compromised.
------------------------------------------------------
I tried the above command on IBM Linux and showed no
output GREAT..
BUT with the RaQ4 server it showed the below output:
..?..... /usr/bin/chfn
..?..... /usr/bin/chsh
.M?..... /usr/bin/newgrp
.M...... /usr/bin/write
anyone knows why?? and what these outputs means!
Thanks
wserv_discuss@xxxxxxxxx
__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com