Re: [CentOS] How to check for rootkit, troians etc in backed up files?
On Thu, Sep 04, 2008 01:15:41 AM -0500, Mike McCarty wrote:
> M. Fioretti wrote:
> > Hi, there is a remote (VPS) Centos 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another.
>
> I use rkhunter and chkrootkit. I run them regularly.

Thanks (even if late!) for the suggestions, I've applied them.

Marco
--
Your own civil rights and the quality of your life heavily depend on how software is used *around* you: http://digifreedom.net/node/84
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
M. Fioretti wrote:
> Hi, there is a remote (VPS) Centos 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another.

I use rkhunter and chkrootkit. I run them regularly.

If you keep your machine clean, then your backups will be, too. If you get compromised, then your backups since compromise are suspect.

Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
Mike McCarty wrote:
> M. Fioretti wrote:
> > Hi, there is a remote (VPS) Centos 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another.
>
> I use rkhunter and chkrootkit. I run them regularly.
>
> If you keep your machine clean, then your backups will be, too. If you get compromised, then your backups since compromise are suspect.
>
> Mike

When I tried

  yum -y install chkrootkit.i386

I got...

  No package chkrootkit.i386 available.

When I tried

  yum -y install rkhunter.noarch

I got...

  No package rkhunter.noarch available.

These were the two names mentioned on my yum list, so I updated my yum list (yum -y list yum.list), and I find that neither is present anymore.

Regards,
Chip Campbell
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
Charles E Campbell Jr wrote:
> ...
> These were the two names mentioned on my yum list, so I updated my yum list (yum -y list yum.list), and I find that neither is present anymore.

Both are in the EPEL repository.

Mogens
--
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Fax: +45 33 27 47 08
Email: [EMAIL PROTECTED]
Homepage: http://www.crc.dk
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
Mogens Kjaer wrote:
> Charles E Campbell Jr wrote:
> > ...
> > These were the two names mentioned on my yum list, so I updated my yum list (yum -y list yum.list), and I find that neither is present anymore.
>
> Both are in the EPEL repository.
>
> Mogens

OK -- I followed directions as given by:

  http://fedoraproject.org/wiki/EPEL/FAQ#How_can_I_install_the_packages_from_the_EPEL_software_repository.3F

and got:

  rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
  Retrieving http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
  error: skipping http://download.fedora.redhat.com/pub/epel/5/i386/epel-release - transfer failed - Unknown or unexpected error
  warning: u 0x1fe50070 ctrl 0x1fe54370 nrefs != 0 (download.fedora.redhat.com http)

Seems I need some more hints!

Thank you,
Chip Campbell
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
On Sep 4, 2008, at 11:05 AM, Charles Campbell wrote:
> rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
> Retrieving http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
> error: skipping http://download.fedora.redhat.com/pub/epel/5/i386/epel-release - transfer failed - Unknown or unexpected error
> warning: u 0x1fe50070 ctrl 0x1fe54370 nrefs != 0 (download.fedora.redhat.com http)
>
> Seems I need some more hints!

the url you are using for the epel-release package is incorrect. CentOS-oriented documentation is here:

  http://wiki.centos.org/AdditionalResources/Repositories?highlight=(epel)

-steve
--
If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
Steve Huff wrote:
> On Sep 4, 2008, at 11:05 AM, Charles Campbell wrote:
> > rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
> > Retrieving http://download.fedora.redhat.com/pub/epel/5/i386/epel-release
> > error: skipping http://download.fedora.redhat.com/pub/epel/5/i386/epel-release - transfer failed - Unknown or unexpected error
> > warning: u 0x1fe50070 ctrl 0x1fe54370 nrefs != 0 (download.fedora.redhat.com http)
> >
> > Seems I need some more hints!
>
> the url you are using for the epel-release package is incorrect. CentOS-oriented documentation is here:
>
>   http://wiki.centos.org/AdditionalResources/Repositories?highlight=(epel)

Thank you -- I'll try this again when I have time.

Regards,
Chip Campbell
Re: [CentOS] How to check for rootkit, troians etc in backed up files?
Charles Campbell wrote:
> Mogens Kjaer wrote:
> > Charles E Campbell Jr wrote:
> > > ...
> > > These were the two names mentioned on my yum list, so I updated my yum list (yum -y list yum.list), and I find that neither is present anymore.
> >
> > Both are in the EPEL repository.
>
> OK -- I followed directions as given by:
>
> snip
>
> Seems I need some more hints!

If rpmforge is already configured for you, it might be simpler to get them from there
[CentOS] How to check for rootkit, troians etc in backed up files?
Hi,

there is a remote (VPS) Centos 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another.

There are backups of necessary shell scripts, ASCII configuration files and more or less important email (maildir format, if it matters) including messages with binary attachments in .doc, .pdf, .jpeg and other formats.

What is, in the context above, the best way to make sure that **those** backed up files (which _must_ be put back on the server after reinstall) do not contain any rootkit, trojan, virus, whatever? Which Centos / linux tool would you recommend for this specific case?

TIA,
Marco
--
Your own civil rights and the quality of your life heavily depend on how software is used *around* you: http://digifreedom.net/node/84