No... due to piss poor administration and that it's a Gentoo box those md5's
don't exist. Although the strange thing is, after sshd has been restarted
everything works fine... 

I think I'm reaching for straws but it was as if sshd wasn't forking a bash
shell properly. Users could enter into their shell's entry in /proc, it just
wasn't being displayed in 'w' or 'ps'....

This just sounds bad the more I think about it. 

I'm going to try and reproduce the bug, if it can be...

--Andrew Ruef

-----Original Message-----
From: Gary [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 29, 2005 4:50 PM
To: [email protected]
Subject: Re: [gentoo-sparc] Interesting incident involving Gentoo hardened
linux

On Wed, 29 Jun 2005, Andrew Ruef wrote:
> Took the system down to init 1 and checked it out for any signs of foul
> play, found none. No anomalous behavior in the logs, nothing weird that
> grsec reported. Nothing in the NIDS logs of the attached system..

Did you do an MD5 comparison between the 'ps' command on your box and a 
known good binary?  That sounds like a trojaned ps binary or something 
amiss in the kernel.

> But still... anyone else seen this behavior?

-- 
[email protected] mailing list


-- 
[email protected] mailing list
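
The two checks discussed in this thread (processes that exist under /proc but are missing from 'ps', and an MD5 comparison of the 'ps' binary) can be scripted as below. This is an added example, not code from either poster; it assumes a Linux host with procps 'ps', is meant to be run as root, and all function names are hypothetical.

```python
import hashlib
import os
import shutil
import subprocess

def file_md5(path):
    """MD5 of a file, read in chunks, for comparison with a known-good copy."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def proc_pids(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under /proc."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def ps_pids(ps_output):
    """PIDs parsed from `ps -e -o pid=` output (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def hidden_from_ps(proc_view, ps_view, is_alive):
    """PIDs present in /proc but absent from ps, skipping ones that have exited."""
    return sorted(p for p in proc_view - ps_view if is_alive(p))

if __name__ == "__main__":
    # Snapshot /proc first, then ps: a process that exits in between is
    # dropped by the liveness re-check instead of being reported as hidden.
    seen_in_proc = proc_pids()
    ps_out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                            text=True, check=True).stdout
    missing = hidden_from_ps(seen_in_proc, ps_pids(ps_out),
                             lambda p: os.path.isdir(f"/proc/{p}"))
    for pid in missing:
        print(f"PID {pid} is in /proc but not in ps output")
    # Compare this digest with one taken from a known-good copy of the binary.
    print("ps md5:", file_md5(shutil.which("ps")))
```

A digest or /proc listing taken on the suspect system is only as trustworthy as its kernel and interpreter, so the comparison is best run from known-good media.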
