> Hope this has helped somewhat, Julian, Jay's md5 looks identical to my visual glance,
> so looks like as Eugene has hit the spot with the answer :)
/usr/bin/passwd has identical md5sum on 4 RaQ2s, so Im reassured it was a chkrootkit anomaly. Seems to me to be a good way of double checking.
Thanks
Julian
-----Original Message-----
From: Andy Brown [mailto:andy.brown@xxxxxxxxxxxxx]
Sent: Tuesday, October 08, 2002 9:55 AM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-security] Is this suspicious?
<snip>
On Mon, 7 Oct 2002, Gerald Waugh wrote:
> On Mon, 7 Oct 2002, Andy Brown wrote:
>
> >
> > Unfortunately I don't have a RaQ2 myself, so can't check, but best is to do an md5sum on the file:
> > md5sum /usr/bin/passwd
> > then compare the output to somebody else's machine.
> >
> Hey! Andy, I don't think you can md5sum two different files and
> comeup with the same data!, I know it's early, and it's Monday.
>
Sorry for that,
It's early for me, and it's Monday morning
I was thinking of /etc/passwd :(
</snip>
Hehe, you had me wondering for a minute there if i'd been using md5sum in a totally stupid way there!!
Hope this has helped somewhat, Julian, Jay's md5 looks identical to my visual glance, so looks like as Eugene has hit the spot with the answer :)
hth,
Regards,
Andy
andy@xxxxxxxxxx
http://www.raqpak.com/ <-- Raq/Qube unofficial PKGs and support advice
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________