Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread allan
Nicolas,
I agree with John. rkhunter is your friend! I set up all my servers to run nightly with weekly updates.
Peace,
Allan
John R Pierce wrote:
> On 02/07/11 10:06 AM, Nicolas Ross wrote:
>> I found some suspicious files in /bin and /usr/bin directories that are owned
>> by user id 122, where t

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread JohnS
On Mon, 2011-02-07 at 15:27 -0800, Benjamin Smith wrote:
> A) Determine just how far they got in (did they get access to other systems?)
All the bad stuff only resided in Volatile Memory and you Erased it when you shut down the machine and forgot to copy the Memory. :-)
John

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Benjamin Smith
On Monday, February 07, 2011 10:21:18 am Nicolas Ross wrote:
> md5sum has been tampered with also... It returns those expected values, but
> a md5sum program I took elsewhere was returning another value...
Once you've been hacked, you can't trust the core utilities (ls / md5sum/cd/etc) You can't

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Nicolas Ross
> On 02/07/11 10:06 AM, Nicolas Ross wrote:
>> I found some suspicious files in /bin and /usr/bin directories that are owned
>> by user id 122, where this machine doesn't have a userid 122.
>
> oh. get and run rkhunter. preferably do it on read only media via
> another system.
Ok, good tool, an

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Tru Huynh
On Mon, Feb 07, 2011 at 01:06:56PM -0500, Nicolas Ross wrote:
> Hi !
>
> I think one of my machines got hacked, but I can figure out from where...
>
> I found some suspicious files in /bin and /usr/bin directories that are owned
> by user id 122, where this machine doesn't have a userid 122.
>
> So, d

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread cornel panceac
2011/2/7 Nicolas Ross
> md5sum has been tampered with also... It returns those expected values, but a
> md5sum program I took elsewhere was returning another value...
>
not all md5sum programs are the same, check several programs before deciding what's next.

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread m . roth
John R Pierce wrote:
> On 02/07/11 10:06 AM, Nicolas Ross wrote:
>> So, does anyone have a centos 3.9 install around that can send me the
>> info about (filesize, md5, modification date) these files :
>
> is that a 3.9 install that never got any updates afterwards? is that
> x86_64 or i686?e

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread John R Pierce
On 02/07/11 10:06 AM, Nicolas Ross wrote:
> I found some suspicious files in /bin and /usr/bin directories that are owned
> by user id 122, where this machine doesn't have a userid 122.
>
oh. get and run rkhunter. preferably do it on read only media via another system.

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread John R Pierce
On 02/07/11 10:06 AM, Nicolas Ross wrote:
> So, does anyone have a centos 3.9 install around that can send me the info
> about (filesize, md5, modification date) these files :
>
is that a 3.9 install that never got any updates afterwards? is that x86_64 or i686? etc etc. that data is prett

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Nicolas Ross
>> I think one of my machines got hacked, but I can figure out from where...
>>
>> I found some suspicious files in /bin and /usr/bin directories that are owned
>> by user id 122, where this machine doesn't have a userid 122.
>>
>> So, does anyone have a centos 3.9 install around that can send me the

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Don Krause
On Feb 7, 2011, at 10:14 AM, m.r...@5-cent.us wrote:
> Nicolas Ross wrote:
>> Hi !
>>
>> I think one of my machines got hacked, but I can figure out from where...
>>
>> I found some suspicious files in /bin and /usr/bin directories that are owned
>> by user id 122, where this machine doesn't a

Re: [CentOS] Is there a Centos 3 around ?

2011-02-07 Thread m . roth
Nicolas Ross wrote:
> Hi !
>
> I think one of my machines got hacked, but I can figure out from where...
>
> I found some suspicious files in /bin and /usr/bin directories that are owned
> by user id 122, where this machine doesn't have a userid 122.
>
> So, does anyone have a centos 3.9 install around

[CentOS] Is there a Centos 3 around ?

2011-02-07 Thread Nicolas Ross
Hi !
I think one of my machines got hacked, but I can figure out from where...
I found some suspicious files in /bin and /usr/bin directories that are owned by user id 122, where this machine doesn't have a userid 122.
So, does anyone have a centos 3.9 install around that can send me the info about (