On Tuesday 21 November 2006 12:21 pm, Dimitri Yioulos wrote:
> On Tuesday 21 November 2006 11:55 am, Benny Butler wrote:
> > Andrew, I'm in the same boat, just /bin/kill on CentOS. I've pretty much
> > ignored it up till now, but when I hear the answer, I'll implement it
> > too. Thanks for asking. Or maybe we both just have the /bin/kill rootkit
> > :)
> >
> > On 11/21/06, Andrew Watson <[EMAIL PROTECTED]> wrote:
> > > Hi,
> > >
> > > I have run the rkhunter 1.2.8 on a centos4 (4-4.2 I think) and I am
> > > getting a single md5 checksum error on /bin/kill
> > >
> > > Having checked the faqs I find the advice to validate
> > >
> > > Files:
> > > - "strings <file>" and check for untrusted file paths (things like
> > > /dev/.hiddendir)
> > > - recently updated binaries and their original source. If it is due an
> > > update, please send me an URI to the changed file (like a RPM), so I
> > > can add new hashes to the databases.
> > > - "file <file>" and compare them with others (especially trusted
> > > binaries). If some binaries are linked static and others are all
> > > dynamic, then they could have been trojaned.
> > >
> > > Unfortunately, these instructions don't mean much to a linux novice
> > > like me, so I'm hoping that someone can give me a few pointers on what
> > > I need to do to look a little further into this problem...
> > >
> > >
> > > Many thanks
> > >
> > >
> > > brian
>
> I hope I'm not totally hijacking your post, but I've seen this same
> checksum "error" on a couple of my machines. But, I'm less concerned about
> that because: a) it has shown itself on internal machines and, b) others
> have posted about the same issue.
>
> My "single checksum" issue involves /etc/passwd, which runs on a critical
> server within our DMZ. I have no way of knowing if a certain program I
> installed is responsible for this going out-of-whack, or what. Certainly
> I'm concerned because, well, it's the password-setting program. Has anyone
> seen this one before?
>
> Diggy

Ermmm, that's /usr/bin/passwd.

Diggy
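The two manual checks from the FAQ advice quoted in the thread ("strings <file>" for hidden paths, "file <file>" for static versus dynamic linking), as an added Python example that is not part of the original messages and is not rkhunter's own code. All function names are hypothetical, the directory list in HIDDEN is an assumption, the presence of a PT_INTERP program header is used as a simplified stand-in for what file(1) reports as dynamically linked, and the ELF images are constructed samples.

```python
import re
import struct
PT_INTERP = 3  # program header type that names the dynamic loader
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")  # runs of >= 4 printable bytes, like strings(1)
# Path under a system directory with a component starting with "." (e.g. /dev/.hiddendir)
HIDDEN = re.compile(r"/(?:dev|tmp|var|usr|etc|lib)/(?:[^/\s]+/)*\.[^./\s]")

def suspicious_paths(data):
    """Embedded strings that reference a hidden directory or file."""
    found = (m.group().decode("ascii") for m in PRINTABLE.finditer(data))
    return [s for s in found if HIDDEN.search(s)]

def linkage(data):
    """'dynamic' if the ELF image has a PT_INTERP header, else 'static'."""
    if data[:4] != b"\x7fELF" or len(data) < 0x40:
        return "not-elf"
    end = "<" if data[5] == 1 else ">"  # EI_DATA: 1 = little-endian
    if data[4] == 2:  # EI_CLASS: 2 = ELF64
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:  # ELF32 field offsets
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(data):
            break  # truncated or malformed program header table
        if struct.unpack_from(end + "I", data, off)[0] == PT_INTERP:
            return "dynamic"
    return "static"

def triage(data, baseline):
    """Findings for one binary, compared with the linkage of a trusted binary."""
    kind = linkage(data)
    return {"linkage": kind, "differs": kind != baseline, "hidden_paths": suspicious_paths(data)}

def sample_elf64(p_types, payload=b""):
    """Constructed sample: little-endian ELF64 header plus bare program headers."""
    hdr = bytearray(0x40)
    hdr[:6] = b"\x7fELF\x02\x01"
    struct.pack_into("<Q", hdr, 0x20, 0x40)               # e_phoff
    struct.pack_into("<HH", hdr, 0x36, 56, len(p_types))  # e_phentsize, e_phnum
    phdrs = b"".join(struct.pack("<I", t).ljust(56, b"\0") for t in p_types)
    return bytes(hdr) + phdrs + payload

if __name__ == "__main__":
    trusted = sample_elf64([1, PT_INTERP], b"\0/lib64/ld-linux-x86-64.so.2\0")
    odd = sample_elf64([1], b"\0/dev/.hiddendir/cfg\0/bin/sh\0")
    print(triage(odd, linkage(trusted)))
```

On a real system the same functions take the bytes of the file under review and of a binary known to be good, for example one read from install media; a difference in linkage or a hit in hidden_paths is a reason to look closer, not proof of compromise.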
