On Sat, Apr 28, 2001 at 12:51:59AM +1000, Michael Lake uttered:
> Jobst Schmalenbach wrote:
> > does anybody know which RH rpms contain the files that would
> > be overwritten by rootkits/crackers/breakins?
> > eg: ps,ls,netstat,top etc??
>
> rpm -q -f myfile tells you what is the name of the rpm package that owns
> the file myfile.
> So you could do this
>
> rpm -q -f /bin/ps or bette still.
> rpm -q -f `which ps`
> etc for the other files
>
Indeed, that's what I use when stuck on a RedHat box. Or 'rpm -qpl if you want to know
what files are in an rpm that isn't installed - very handy.)
*finds apt _so_ much easier*
> > Is there a URL which would have a listing for that?
>
Not a listing, but you can updated versions at http://rpmfind.net.
On the other hand, wipe the box clean (which you should do if you've been cracked
anyway) and install Debian. :-)
--
Steve
"I'm a sysadmin because I couldn't beat a blind monkey in a coding contest."
--Me
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
