On Tuesday 21 November 2006 11:55 am, Benny Butler wrote: > Andrew, I'm in the same boat, just /bin/kill on CentOS. I've pretty much > ignored it up till now, but when I hear the answer, I'll implement it too. > Thanks for asking. Or maybe we both just have the /bin/kill rootkit :) > > On 11/21/06, Andrew Watson <[EMAIL PROTECTED]> wrote: > > Hi, > > > > I have run the rkhunter 1.2.8 on a centos4 (4-4.2 I think) and i am > > getting a single md5 checksum error on /bin/kill > > > > Having checked the faqs I find the advice to validate > > > > Files: > > - "strings <file>" and check for untrusted file paths (things like > > /dev/.hiddendir) > > - recently updated binaries and their original source. If it is due an > > update, please sent me an URI to the changed file (like a RPM), so I can > > add new hashes to the databases. > > - "file <file>" and compare them with others (especially trusted > > binaries). If some binaries are linked static and others are all dynamic, > > than they could have been trojaned.. > > > > Unfortunately, these instructions don't mean much to a linux novice like > > me, so I'm hoping that someone can give me a few pointers on what I need > > to do to look a little further into this problem... > > > > > > Many thanks > > > > > > brian > >
I hope I'm not totally hijacking your post, but I've seen this same checksum "error" on a couple of my machines. But, I'm less concerned about that because: a) it has shown itself on internal machines and, b) others have posted about the same issue. My "single checksum" issue involves /etc/passwd, which runs on a critical server within our DMZ. I have no way of knowing if a certain program I installed is responsible for this going out-of-whack, or what. Certainly I'm concerned because, well, it's the password-setting program. Has anyone seen this one before? Diggy -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
