RE: [cobalt-security] RPM Question
- Subject: RE: [cobalt-security] RPM Question
- From: "Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx>
- Date: Fri, 2 May 2003 17:46:24 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> After following some security discussions I added some rpm verify commands
> to a script I run nightly that does some security checks (runs
> chkrootkit0.40, files without owners, files with setuid).
Fancy sharing the script?
> I get the following appearing:
>
> rpm -V net-tools
> .M...... /usr/share/locale/de/LC_MESSAGES/net-tools.mo
> .M...... /usr/share/locale/fr/LC_MESSAGES/net-tools.mo
>
> This is telling me there is a problem with Mode (includes permissions and
> file type) of these two files (I think)
<snip>
> Should I just do a chmod 644 on these two files or should I change the
> package contents somehow? I haven't tampered with these files - this is how
> they came in as far as I can see.
>
> chmod 644 net-tools.mo will make the 'rpm -V' happy.....
>
It looks to me as though these files are to do with the localisation we did;
Will De Haan was the expert for that. I don't think what you are proposing
will cause a problem, especially as, looking at the directory structure,
they are for French and German, so probably not a concern for you in the US.
I have just rebuilt a Qube that was one of many that got hacked. After
seeing a post from someone saying they rebuilt theirs, patched it fully and
it was hacked in 24hrs, I was a bit concerned; then I noticed the experimental
Samba rpm.
Odd that the one noticeable symptom of a hacked Qube in this instance was
that Samba goes down and doesn't come back up. I decided to install the rpm
and then wait a few days to see if it gets hacked/falls over etc. So far 3
days and no hack.
Advice: I would put that experimental rpm on; it may save you some grief.
Regards
Gavin
PS: I have just noticed 3 new patches from Sun for the Qube on Bluelink, only
one on the web page. I have installed the DNS and WGET with no issues but
not the kernel - not quite brave enough for that today as I am nearly 600
miles from the Qube <smile>
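
An added example, not part of the original message or of anyone's actual script: a shell function a nightly check could pipe `rpm -V` output through, so that a mode-only difference like the `.M......` lines quoted above is separated from content changes and missing files. The severity labels, the function name `classify_rpm_verify` and all sample lines except the first are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -V` / `rpm -Va` output read on stdin.
# Verify flag letters: S size, M mode (permissions and file type), 5 digest,
# D device, L symlink target, U user, G group, T mtime, P capabilities
# (newer rpm only), ? test could not be performed.
# Assumption: paths contain no whitespace; labels are a local triage policy.

classify_rpm_verify() {
    awk '
    # A packaged file that no longer exists on disk.
    $1 == "missing" { print "HIGH missing " $NF; next }

    # Skip anything that is not a verify flag string.
    $1 !~ /^[.SM5DLUGTP?]+$/ { next }

    {
        flags = $1; path = $NF
        # Optional one-letter marker between flags and path (c = config file).
        marker = (NF == 3) ? $2 : "-"

        if (flags ~ /[5SL]/) {
            # Content differs: expected for edited config files, not for
            # binaries or libraries.
            sev = (marker == "c") ? "INFO" : "HIGH"; why = "content"
        } else if (flags ~ /[MUGDP]/) {
            # Metadata only, e.g. the .M...... locale files in this thread.
            sev = "REVIEW"; why = "metadata"
        } else if (flags ~ /[?]/) {
            sev = "REVIEW"; why = "unverified"
        } else if (flags ~ /T/) {
            sev = "INFO"; why = "mtime"
        } else next

        print sev, why, path
    }'
}

# Constructed sample input; only the first line comes from the message above.
# Real use would be: rpm -Va | classify_rpm_verify
classify_rpm_verify <<'EOF'
.M...... /usr/share/locale/de/LC_MESSAGES/net-tools.mo
S.5....T c /etc/example.conf
S.5....T   /usr/sbin/example
missing     /usr/bin/example
EOF
```

A `REVIEW metadata` result still needs a look at the actual mode (`ls -l`) before running `chmod`, since a mode difference can also mean an added setuid bit rather than a harmless packaging quirk.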