[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Have you been hacked?
- Subject: Re: [cobalt-security] Have you been hacked?
- From: Glen Scott <glen@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Jul 2002 08:23:20 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
The rpm -Vf command verifies the file specified against the
information about the original installed files stored in the rpm
database. Do a 'man rpm' for more info. This command can be useful
to tell whether files have been modified in any way since the
original install.
In your case, it seems that the files are failing the 'Mode' test.
This could mean the ownership/file permissions have been altered.
Whether this is a cause for alarm is another matter entirely.
Regards,
Glen Scott
I got this from my provider security list:
------------------------------------------------------
Have you been hacked?
To determine if your server has been compromised,
using recent BIND exploits or any other security hole,
check the following command at the command prompt...
rpm -Vf /bin/login /usr/sbin/tcpd | grep bin
If you get any result - your server has most likely
been compromised.
------------------------------------------------------
I tried the above command on IBM Linux and showed no
output GREAT..
BUT with the RaQ4 server it showed the below output:
..?..... /usr/bin/chfn
..?..... /usr/bin/chsh
.M?..... /usr/bin/newgrp
.M...... /usr/bin/write
anyone knows why?? and what these outputs means!
Thanks
wserv_discuss@xxxxxxxxx
__________________________________________________
Do You Yahoo!?
Sign up for SBC Yahoo! Dial - First Month Free
http://sbc.yahoo.com
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Get your own FREE TaskManager at: http://tasks.dessol.net/
---
Design Solution Limited
t: +44 (0)1502 513008
f: +44 (0)870 460 2518
e: info@xxxxxxxxxxxxxxxxxxxx
w: http://www.designsolution.co.uk
Nouvotech House, Harbour Road,
Oulton Broad, Suffolk, NR32 3LZ, UK
---