Hi, The rpm -Vf command verifies the file specified against the information about the original installed files stored in the rpm database. Do a 'man rpm' for more info. This command can be useful to tell whether files have been modified in any way since the original install.
In your case, it seems that the files are failing the 'Mode' test. This could mean the ownership/file permissions have been altered. Whether this is a cause for alarm is another matter entirely. Regards, Glen Scott >I got this from my provider security list: > >------------------------------------------------------ >Have you been hacked? > > >To determine if your server has been compromised, >using recent BIND exploits or any other security hole, >check the following command at the command prompt... > >rpm -Vf /bin/login /usr/sbin/tcpd | grep bin > >If you get any result - your server has most likely >been compromised. >------------------------------------------------------ > >I tried the above command on IBM Linux and showed no >output GREAT.. > >BUT with the RaQ4 server it showed the below output: > >..?..... /usr/bin/chfn >..?..... /usr/bin/chsh >.M?..... /usr/bin/newgrp >.M...... /usr/bin/write > >anyone knows why?? and what these outputs means! > >Thanks >[EMAIL PROTECTED] > > >__________________________________________________ >Do You Yahoo!? >Sign up for SBC Yahoo! Dial - First Month Free >http://sbc.yahoo.com >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security -- Get your own FREE TaskManager at: http://tasks.dessol.net/ --- Design Solution Limited t: +44 (0)1502 513008 f: +44 (0)870 460 2518 e: [EMAIL PROTECTED] w: http://www.designsolution.co.uk Nouvotech House, Harbour Road, Oulton Broad, Suffolk, NR32 3LZ, UK --- _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
