[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Have you been hacked?
- Subject: Re: [cobalt-security] Have you been hacked?
- From: gerald waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 12 Jul 2002 09:17:23 -0400 (EDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Thu, 11 Jul 2002, Webdev wrote:
> I got this from my provider security list:
>
> To determine if your server has been compromised,
> using recent BIND exploits or any other security hole,
> check the following command at the command prompt...
>
> ..?..... /usr/bin/chfn
> ..?..... /usr/bin/chsh
> .M?..... /usr/bin/newgrp
> .M...... /usr/bin/write
>
> anyone knows why?? and what these outputs means!
>
I get
[root /root]# rpm -Vf /bin/login /usr/sbin/tcpd | grep bin
.M...... /usr/bin/newgrp
.M...... /usr/bin/write
[root /root]# ls -l /usr/bin/newgrp
-rwx--x--x 1 root root 5780 Jun 20 2000 /usr/bin/newgrp
[root /root]# ls -l /usr/bin/writ
ls: /usr/bin/writ: No such file or directory
[root /root]# ls -l /usr/bin/write
-rwxr-xr-x 1 root tty 8648 Jun 20 2000 /usr/bin/write
--
Gerald Waugh