    Matt> I am having some minor system problems due to the fact that my
    Matt> /var/run/utmp file seems to be out of order.
    ...
    Matt> ideas?

If your /var/run/utmp file was corrupted and you didn't do anything to
precipitate it (like installing new libc, include files or RPMs for tools
that read/write utmp), check *very carefully* to see if your system has been
compromised.  If:

    * you are running RH 5.0 or earlier
    * your machine is IP connected to the net (direct, PPP, slip, etc)
    * you haven't yet upgraded to named 4.9.7 or 8.1.2

there's a good chance your system has been compromised at the root level.
Telltale signs from my own experience:

    * the presence of a file named /dev/reset
    * corruption of /var/run/utmp
    * invalid checksums on some important system tools

*Don't* trust cksum or md5sum on the suspect machine.  Use versions from a
CD or other known good source (perhaps a non-Linux machine + rsh).

I posted a CERT advisory about this in the past week or so.  People, please
go back and read it and check your systems!

Skip Montanaro    | Musi-Cal: http://concerts.calendar.com/
[EMAIL PROTECTED] | Conference Calendar: http://conferences.calendar.com/
(518)372-5583


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.
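
The three telltale signs listed in the message above can be checked from a trusted machine against the suspect disk mounted read-only. The following is an added example, not code from the original post. It assumes the 384-byte glibc utmp record layout found on current Linux systems (older libcs differ), uses SHA-256 in place of cksum/md5sum, and `check_root`, `check_utmp` and the manifest format are hypothetical names chosen for illustration.

```python
import hashlib, os, struct

# Assumption: glibc Linux utmp layout (384-byte records); other libcs differ.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
VALID_TYPES = range(10)  # EMPTY (0) through ACCOUNTING (9)

def check_utmp(data):
    """Return a list of structural problems found in raw utmp bytes."""
    problems = []
    if len(data) % UTMP.size:
        problems.append(f"size {len(data)} is not a multiple of {UTMP.size}")
    for n in range(len(data) // UTMP.size):
        rec = UTMP.unpack_from(data, n * UTMP.size)
        ut_type, ut_user = rec[0], rec[4].split(b"\0", 1)[0]
        if ut_type not in VALID_TYPES:
            problems.append(f"record {n}: invalid ut_type {ut_type}")
        if any(b < 0x20 or b > 0x7E for b in ut_user):
            problems.append(f"record {n}: non-printable bytes in ut_user")
    return problems

def check_root(root, manifest):
    """Check a suspect filesystem mounted at `root`, run from a trusted host.

    manifest (hypothetical) maps path -> SHA-256 hex digest from clean media.
    """
    findings = []
    if os.path.lexists(os.path.join(root, "dev/reset")):
        findings.append("/dev/reset exists")
    utmp = os.path.join(root, "var/run/utmp")
    if os.path.isfile(utmp):
        with open(utmp, "rb") as f:
            findings += [f"utmp: {p}" for p in check_utmp(f.read())]
    for path, good in manifest.items():
        try:
            with open(os.path.join(root, path.lstrip("/")), "rb") as f:
                digest = hashlib.sha256(f.read()).hexdigest()
        except OSError:
            findings.append(f"{path}: missing or unreadable")
            continue
        if digest != good:
            findings.append(f"{path}: checksum mismatch")
    return findings

if __name__ == "__main__":
    # Constructed sample: one valid USER_PROCESS record followed by stray bytes.
    rec = UTMP.pack(7, 1234, b"tty1", b"1", b"matt", b"", *[0] * 9, b"")
    print(check_utmp(rec + b"\xff" * 10))
```

A clean result only means these three signs are absent; the manifest has to come from installation media or another known-good source, never from the suspect machine.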
