Not much info in your message, but here are the hashes from a clean install of lucid (x86):
Sha1: d2b0a66038c61a400786ec385142350b147d8782 /bin/login Sha256: 079de3b5d2eed737271c75b733bd7f629e6c34aa7f18378af2bac9f975644e6a /bin/login On 5/3/10 10:43 AM, Charlie wrote: > anyone else seeing this? > > Received From: Nyar->rootcheck > Rule: 510 fired (level 7) -> "Host-based anomaly detection event > (rootcheck)." > Portion of the log(s): > > Trojaned version of file '/bin/login' detected. Signature used: > 'bash|elite|SucKIT|xlogin|vejeta|porcao|lets_log|sukasuk' (Generic).
