RE: [cobalt-security] Have you been hacked?



All

In order to see what the RPM database expects files to be (size, permissions, datestamp and so on), choose the file you want to check and do:

rpm -qvlif $filename

It will then spit out ALL the contents of the RPM database for that specific package. You might want to grep for the filename too, or you might be overwhelmed :)

On RaQs some binaries have had the setuid/setgid bit removed for security purposes.

Also note that if you have no permissions to read a file (since you're not root, for example) the rpm -V command will *always* spit out more files than you expect. If it can't read them, it cannot md5sum them. If it cannot md5sum them, it can't do the compare. If it can't do the compare... the file doesn't verify and you get the ? mark.

Graeme
-- 
Graeme Fowler
System Administrator
Host Europe Group PLC
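
An added example, not part of the original message: a small filter that separates the "?" results described above (test could not be performed, typically because the file is unreadable to a non-root user) from attributes that were actually checked and differ. The function names and sample lines are constructed; it assumes the usual `rpm -V` layout of an 8- or 9-character flag column, an optional file-type marker, then the path.

```shell
#!/bin/sh
# Classify `rpm -V` output so unreadable files ("?") are not mistaken for changes.
# Function names and the sample lines are constructed for this example.

sample_rpm_verify_output() {
    # Constructed sample, as a non-root user might see it (8- and 9-column flags).
    cat <<'EOF'
..?.....   /usr/bin/sudo
S.5....T c /etc/inetd.conf
.M......   /usr/bin/example-tool
missing    /usr/sbin/example-daemon
..?......  c /etc/shadow
EOF
}

classify_rpm_verify() {
    awk '
    {
        flags = $1; path = $0
        sub(/^[ \t]*[^ \t]+[ \t]+/, "", path)   # drop the flags column
        sub(/^[cdglr][ \t]+/, "", path)         # drop the optional file-type marker
    }
    flags == "missing" { print "MISSING " path; next }
    flags ~ /^[.?SM5DLUGTP]+$/ && length(flags) >= 8 {
        failed = flags
        gsub(/[.?]/, "", failed)                # keep only tests that ran and failed
        if (failed != "")
            print "CHANGED " failed " " path
        else if (index(flags, "?") > 0)
            print "UNVERIFIED " path            # no test failed; some could not run
    }'
}

# Real use (as root for a complete check): rpm -Va 2>/dev/null | classify_rpm_verify
sample_rpm_verify_output | classify_rpm_verify
```

Files reported as UNVERIFIED have not been shown to be modified or intact; rerun the verify as root before drawing a conclusion about them.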