[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] crond recently patched?
- Subject: Re: [cobalt-security] crond recently patched?
- From: Dmitry Alexeyev <dmi_a@xxxxxxxxxx>
- Date: Thu, 4 Mar 2004 01:57:25 +0300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hello,
First, before checking cron, run chkproc -v from chkrootkit; let me know
if you don't have one...
If it yells about hidden processes, it is infected with SuckIt root kit.
I've seen many raqs already infected with this backdoor.
WBR,
Dmitry
> Curious, this looks suspecious..
>
>
> [root admin]# ls -la /usr/sbin/crond
> -rwxr-xr-x 1 root root 26636 Feb 3 13:53
> /usr/sbin/crond [root admin]#
>
> I dont recall applying any patches to crond..
>
> What should the normal one be, and where can I get it (for raq550)
>
> thanks
> dave