Martin, No, it's cool man, I -think- everything is fine. Nobody seemed to say anything about the last two > .M...... /usr/bin/newgrp > .M...... /usr/bin/write I was just asking about the other messages. > S.5....T c /etc/pam.d/chfn > S.5....T c /etc/pam.d/chsh > S.5....T c /etc/pam.d/login If you note, I did not use the "|grep bin" at the end of my execution string. Curiosity I suppose.
----- Original Message ----- From: "Mart�n Fiumara" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 15, 2002 3:37 AM Subject: Re: [cobalt-security] Have you been hacked? David, can you tell me what that result means? Im just learning Linux basics :) Means that the server has been hacked? If not, must I reinstall something o fix something? The raq3 has all the cobalt patches uptodate.... Thanks for the help ----- Original Message ----- From: "David Seaton" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, July 15, 2002 4:07 AM Subject: Re: [cobalt-security] Have you been hacked? > Just for fun I checked myself with: > rpm -Vf /bin/login /usr/sbin/tcpd > > and results where: > S.5....T c /etc/pam.d/chfn > S.5....T c /etc/pam.d/chsh > S.5....T c /etc/pam.d/login > .M...... /usr/bin/newgrp > .M...... /usr/bin/write > > Nothing to worry about right? > > -David Seaton > > _______________________________________________ > cobalt-security mailing list > [EMAIL PROTECTED] > http://list.cobalt.com/mailman/listinfo/cobalt-security > _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
