[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Have you been hacked?

Subject: Re: [cobalt-security] Have you been hacked?
From: gerald waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Jul 2002 09:17:23 -0400 (EDT)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Thu, 11 Jul 2002, Webdev wrote:

> I got this from my provider security list:
>
> To determine if your server has been compromised,
> using recent BIND exploits or any other security hole,
> check the following command at the command prompt...
>
> ..?.....   /usr/bin/chfn
> ..?.....   /usr/bin/chsh
> .M?.....   /usr/bin/newgrp
> .M......   /usr/bin/write
>
> anyone knows why?? and what these outputs means!
>

I get
[root /root]# rpm -Vf /bin/login /usr/sbin/tcpd | grep bin
.M......   /usr/bin/newgrp
.M......   /usr/bin/write
[root /root]# ls -l /usr/bin/newgrp
-rwx--x--x   1 root     root         5780 Jun 20  2000 /usr/bin/newgrp
[root /root]# ls -l /usr/bin/writ
ls: /usr/bin/writ: No such file or directory
[root /root]# ls -l /usr/bin/write
-rwxr-xr-x   1 root     tty          8648 Jun 20  2000 /usr/bin/write

--
Gerald Waugh

References:
- [cobalt-security] Have you been hacked?
  - From: Webdev

Prev by Date: RE: [cobalt-security] Have you been hacked?
Next by Date: [cobalt-security] (no subject)
Previous by thread: Re: [cobalt-security] Have you been hacked?
Next by thread: [cobalt-security] sendmail

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index