Dan;

It is most likely from a dev package.  I have an aes.h on my system
that comes from libssl-dev.  I have no aes1.h.

$ dpkg-query -S /usr/include/openssl/aes.h
libssl-dev: /usr/include/openssl/aes.h

Is the file an actual header file?  If so it should start with
something like the following, with a lot of defines and includes in
the actual code.

/* crypto/aes/aes.h -*- mode:C; c-file-style: "eay" -*- */
/* ====================================================================
 * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
...
#ifndef HEADER_AES_H
#define HEADER_AES_H

#include <openssl/opensslconf.h>

#ifdef OPENSSL_NO_AES
#error AES is disabled.
#endif

What version of Ubuntu/openssl are you currently running?  The .h
files would only be used at compile time; if you are worried about it,
there is no reason you could not either remove the file or the -dev
package it belongs to (unless you want to compile something with ssl
support).

Brad

On 01/23/2012 11:51 AM, Dan Schlitt wrote:
> 
> A suspicious file has appeared on my Ubuntu linux box. It is in a
> strange place for a file that is written to -
> /usr/include/openssl/aes1.h. It contains plain text information
> that shouldn't be kept.
> 
> I have looked diligently to find where it is coming from without
> finding anything.
> 
> It is definitely connected in some way to ssh (which I have removed
> and reinstalled to no effect.) If the file is not world writable
> ssh crashes after connecting and logging in to the remote end. It
> doesn't mind the read permissions being removed.
> 
> Does anyone recognize the malware or configuration that this
> belongs to?
> 
> Any help would be appreciated.
> 
> /dan
> 
> -- Dan Schlitt schl...@theworld.com
> 
> 
> _______________________________________________ Tech mailing list 
> Tech@lists.lopsa.org 
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list
> provided by the League of Professional System Administrators 
> http://lopsa.org/


-- 
Brad Hudson
SA Team Lead
The Pythian Group - love your data
Desk: 613-565-8696 x202
IM: pythianhudson
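
The `dpkg-query -S` ownership check from the reply above, applied to every file in a directory and combined with the two other signals raised in this thread (world-writable mode, no preprocessor directives where a header is expected). This is an added example, not part of the original messages; the function names and the `OWNER_CHECK` override are hypothetical, and the default assumes a Debian/Ubuntu system.

```shell
#!/bin/sh
# Triage a system include directory for files that no installed package claims.
# OWNER_CHECK (hypothetical override): command that exits 0 when a package owns
# the path given as its last argument. Defaults to dpkg-query -S.

owned_by_package() {
    # dpkg-query -S exits non-zero when no installed package lists the path
    ${OWNER_CHECK:-dpkg-query -S} "$1" >/dev/null 2>&1
}

is_world_writable() {
    # -perm -0002 matches when the "other" write bit is set
    [ -n "$(find "$1" -maxdepth 0 -perm -0002 2>/dev/null)" ]
}

has_cpp_directives() {
    # Heuristic: a real C header contains #ifndef/#define/#include lines
    grep -Eq '^[[:space:]]*#[[:space:]]*(ifndef|define|include)' "$1"
}

audit_unowned() {
    # Prints one line per unowned regular file: "<flags><TAB><path>"
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        owned_by_package "$f" && continue
        flags=unowned
        if is_world_writable "$f"; then flags="$flags,world-writable"; fi
        if ! has_cpp_directives "$f"; then flags="$flags,no-cpp-directives"; fi
        printf '%s\t%s\n' "$flags" "$f"
    done
}

# Usage: sh audit.sh /usr/include/openssl
if [ "$#" -gt 0 ]; then
    audit_unowned "$1"
fi
```

A file reported with all three flags in a directory like /usr/include/openssl is worth preserving (copy with timestamps, hash it) before anything is removed, since it is evidence of what wrote it.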