I can't see if this was replied to already; if it was, just disregard.

On Thu, 06 Sep 2007 10:09:26 +0200 Nagy Gábor <[EMAIL PROTECTED] lnx.hu> wrote:
>/bin/kill [ BAD ]
>/bin/ps [ BAD ]
>/sbin/sysctl [ BAD ]
>/usr/bin/top [ BAD ]
>/usr/bin/w [ BAD ]
>
>
>Is it dangerous? Should I be worried about this?
>It is a debian 3.0 woody system.

It depends. If you ran Rootkit Hunter 1.2.9 out of the box and any packages were updated without you running 'hashupd' (see our SourceForge download page) then this could trigger a hash mismatch. On the other hand it is possible the binaries were subverted.

If you don't run a file integrity checker already like Aide, Samhain or even Tripwire, then you should compare hashes of package contents with "known good" packages from a remote repo. To be "safe" run any checks from a LiveCD or on a separate machine.

Before you do you may want to read Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intruder_detection_checklist.html, which could serve as a checklist in a worst case scenario or if you think you found more evidence of a compromise.

Regards, unSpawn

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
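
The comparison suggested in the reply above, sketched as an added example that is not part of the original message or of Rootkit Hunter. It assumes a known-good package was unpacked into one directory and the suspect disk is mounted read-only from a LiveCD at another; the function names, directory layout and the choice of `sha256sum` are assumptions.

```shell
#!/bin/sh
# GOOD_ROOT:    directory holding the unpacked contents of a package fetched
#               from a trusted mirror (assumed layout: same relative paths).
# SUSPECT_ROOT: mount point of the suspect system's disk, seen from a LiveCD,
#               so the suspect system's own tools are never executed.

hash_of() {
    # Print only the SHA-256 digest of a file.
    sha256sum "$1" | cut -d' ' -f1
}

compare_trees() {
    good_root=$1; suspect_root=$2; shift 2
    bad=0
    for rel in "$@"; do
        good="$good_root/$rel"; suspect="$suspect_root/$rel"
        if [ ! -f "$good" ]; then
            echo "NOREF    $rel"; bad=1      # not in the reference package
        elif [ ! -f "$suspect" ]; then
            echo "MISSING  $rel"; bad=1      # absent on the suspect disk
        elif [ "$(hash_of "$good")" = "$(hash_of "$suspect")" ]; then
            echo "OK       $rel"
        else
            echo "MISMATCH $rel"; bad=1      # differs from the reference copy
        fi
    done
    return $bad
}

# Constructed sample trees so the function can be exercised offline.
make_sample() {
    dir=$(mktemp -d)
    mkdir -p "$dir/good/bin" "$dir/good/usr/bin" "$dir/suspect/bin" "$dir/suspect/usr/bin"
    printf 'kill-v1\n' > "$dir/good/bin/kill"; printf 'kill-v1\n'    > "$dir/suspect/bin/kill"
    printf 'ps-v1\n'   > "$dir/good/bin/ps";   printf 'ps-changed\n' > "$dir/suspect/bin/ps"
    printf 'top-v1\n'  > "$dir/good/usr/bin/top"    # deliberately absent from suspect tree
    echo "$dir"
}
```

A MISMATCH also appears when the reference package is a different version from the installed one, so the reference must match the installed version before a difference is read as tampering.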