I get the same result on my Raq3. > ..?..... /usr/bin/chfn > ..?..... /usr/bin/chsh > .M?..... /usr/bin/newgrp > .M...... /usr/bin/write
The question marks there mean that the rpm program can't verify the contents of those three files (it can't calculate their MD5 hashes) because it doesn't have permission to read them. This is what those files look like on my machine: $ ls -l /usr/bin/chfn /usr/bin/chsh /usr/bin/newgrp -rws--x--x 1 root root 14088 Apr 17 1999 /usr/bin/chfn -rws--x--x 1 root root 13800 Apr 17 1999 /usr/bin/chsh -rwx--x--x 1 root root 5576 Apr 17 1999 /usr/bin/newgrp If I log in as root, and do that "rpm -Vf ..." thing again, then those three question marks don't appear; so there doesn't seem to be a problem here. The M's mean that the permissions or ownerships of those two files have changed (as Glen Scott pointed out). This is what they look like on my machine: $ ls -l /usr/bin/newgrp /usr/bin/write -rwx--x--x 1 root root 5576 Apr 17 1999 /usr/bin/newgrp -rwxr-xr-x 1 root tty 8392 Apr 17 1999 /usr/bin/write Neither one looks suspicious to me. (Does anyone know how to find out the original permissions with rpm?) So again there doesn't seem to be a problem here. On Thu, 11 Jul 2002 16:25:57 -0700 (PDT) Webdev <[EMAIL PROTECTED]> wrote: > Hi. > > I got this from my provider security list: > > ------------------------------------------------------ > Have you been hacked? > > > To determine if your server has been compromised, > using recent BIND exploits or any other security hole, > check the following command at the command prompt... > > rpm -Vf /bin/login /usr/sbin/tcpd | grep bin > > If you get any result - your server has most likely > been compromised. > ------------------------------------------------------ > > I tried the above command on IBM Linux and showed no > output GREAT.. > > BUT with the RaQ4 server it showed the below output: > > ..?..... /usr/bin/chfn > ..?..... /usr/bin/chsh > .M?..... /usr/bin/newgrp > .M...... /usr/bin/write > > anyone knows why?? and what these outputs means! > > Thanks > [EMAIL PROTECTED] > > > __________________________________________________ > Do You Yahoo!? > Sign up for SBC Yahoo! Dial - First Month Free > http://sbc.yahoo.com > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
