Re: suspicious files in /tmp

2004-01-06 Thread Rudolf Lohner
On Montag Januar 5 2004 18:43, Marcel Weber wrote: > Whatever, I guess during the initial setup of LFS I made a mistake and > compiled these files statically... This probably explains the size. I do > not think, that they're belonging to a rootkit, as I have the same files > on my initial install ba

Re: suspicious files in /tmp

2004-01-06 Thread Marcel Weber
Rudolf Lohner wrote: [snip] file hello.dyn hello.dyn: ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), not stripped file hello.stat hello.stat: ELF 32-bit LSB executable, Intel 80386, version 1, statically linked, not stripped [snip] Greetings, Rudolf

Re: suspicious files in /tmp

2004-01-05 Thread Marcel Weber
Bill Marcum wrote: On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote: What exactly did chkrootkit say about those files? Were they writable by non-root users, did they have setuid permission, or what? They had the following access rights: They had the usual access rights 751. chkro

Re: suspicious files in /tmp

2004-01-05 Thread Bill Marcum
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote: > Hi > > It isn't exactly a debian question, but nevertheless I think this is the > appropriate place to post this. > > I ran chkrootkit 0.43 on my LFS box. This system is a mail and web > server. Chkrootkit complained about two file

Re: suspicious files in /tmp

2004-01-05 Thread s. keeling
Incoming from Rick Moen: > Quoting Marcel Weber ([EMAIL PROTECTED]): > > > But what made me shudder was this: In the /tmp folder I found these files: > > > > drwx-- 2 root root 48 Aug 10 19:36 Ib2KZi > > drwx-- 2 root root 88 Jan 3 06:12 MF2oMw > > drwx---

Re: suspicious files in /tmp

2004-01-05 Thread Rick Moen
Quoting Marcel Weber ([EMAIL PROTECTED]): [Snip explanation for "suspicious" directories, which sadly doesn't suffice to imply the more general conclusion] > In this case everything should be fine. Actually, you don't know that. I just thought I'd mention that fact, to add an extra frisson

Re: suspicious files in /tmp

2004-01-05 Thread Rick Moen
Quoting Marcel Weber ([EMAIL PROTECTED]): > But what made me shudder was this: In the /tmp folder I found these files: > > drwx-- 2 root root 48 Aug 10 19:36 Ib2KZi > drwx-- 2 root root 88 Jan 3 06:12 MF2oMw > drwx-- 2 root root 48 Aug

Re: suspicious files in /tmp

2004-01-05 Thread Emmanuel Lacour
On Mon, Jan 05, 2004 at 02:44:05PM +0100, Marcel Weber wrote: > Hi > > Is this a left over from an attempt to hack my system? How can I check > what happened and if the attacker succeeded? The bad thing is, there are > no log files left from august. Has anybody a clue what this > L8823-7955TMP.

Re: suspicious files in /tmp

2004-01-05 Thread Marcel Weber
Emmanuel Lacour wrote: It's a gzip file of the perl modules available from CPAN... Try "zcat your_file" Thanks! I counter checked and indeed I upgraded perl to 5.8.0 on the same date these "suspicious" directories have. In this case everything should be fine. The env and netstat were false

suspicious files in /tmp

2004-01-05 Thread Marcel Weber
Hi It isn't exactly a debian question, but nevertheless I think this is the appropriate place to post this. I ran chkrootkit 0.43 on my LFS box. This system is a mail and web server. Chkrootkit complained about two files: /bin/netstat and /usr/bin/env. Both of these files were quite big (215 k