Re: [cobalt-security] Possible problem?

William P. N. Smith Sun, 22 Apr 2001 06:11:22 -0700
I'm also getting 'extra' stuff on a RAQ2:

> > Although it is not 100% accurate (tell this to the customer), one can be
> > resonably sure that the
> > server has been hacked if any of the following produces output:
> >
> >       rpm -V procps
> >       rpm -V fileutils
> >       rpm -V net-tools
> >       rpm -V util-linux
> >       ...any questions, run these on our servers.
> >
> >       NOTE: util-linux will complain about:
> >       S.5....T c /etc/pam.d/chfn
> >       S.5....T c /etc/pam.d/chsh
> >       S.5....T c /etc/pam.d/login
> >       .M...... /usr/bin/newgrp
> >       .M...... /usr/bin/write
> >       These are OK...they should not be different, but they DO NOT show

[admin admin]$ rpm -V procps
Unsatisfied dependencies for procps-1.2.2-2: libncurses.so.3.0
[admin admin]$ rpm -V fileutils
[admin admin]$ rpm -V net-tools
[admin admin]$ rpm -V util-linux
Unsatisfied dependencies for util-linux-2.8-11C3: libncurses.so.3.0
..5.....   /bin/login
S.5....T c /etc/pam.d/chfn
S.5....T c /etc/pam.d/chsh
S.5....T c /etc/pam.d/login
..5.....   /usr/bin/chfn
..5.....   /usr/bin/chsh
.M5.....   /usr/bin/newgrp
.M......   /usr/bin/write

-- 
William Smith    [EMAIL PROTECTED]    [EMAIL PROTECTED]
ComputerSmiths Consulting, Inc.    www.compusmiths.com
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
Re: [cobalt-security] Possible problem?

Reply via email to
