On Thu, Oct 05, 2000 at 12:56:26PM -0400, Isaiah Weiner wrote:
> On Thu, Oct 05, 2000 at 06:07:36AM -0600, Brian Schneider wrote:
> > Any other things I should be looking for?
>
> rpm -Va would probably be useful. Particularly for util-linux,
> net-tools, procps, and fileutils.
>
Here's the output of
rpm -V util-linux net-tools procps fileutils
S.5....T c /etc/pam.d/login
..?..... /usr/bin/chfn
..?..... /usr/bin/chsh
..?..... /usr/bin/newgrp
.......T /usr/lib/getopt/parse.bash
.......T /usr/lib/getopt/parse.tcsh
.......T /usr/lib/getopt/test.bash
.......T /usr/lib/getopt/test.tcsh
.......T /usr/lib/more.help
All of those come from the util-linux package.
I was wondering if I might be possible that no-one actually gained
access to the system, but instead I installed a (malicious) package
that added the line.
If so, how could I find the offending package? Most importantly, how
can I prevent this from happening again. I have ipchains set up now
(I didn't until a little while ago), and when I go to www.grc.com it
shows me to be completely stealth. Of course, that wouldn't help
protect me against trojans, but no-one could have been connecting via
port 9704.
I have ordered RH 7.0 from www.lsl.com, and I plan on installing it
as soon as it gets here.
Thanks,
Ben Logan
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
