Displaying 20 results from an estimated 2000 matches similar to: "unverified files in 5.4"
2004 May 01
3
chkrootkit and 4.10-prerelease issues?
Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or
later report chfn, chsh, and date as infected?
I built world yesterday, and my nightly chkrootkit reports this on run.
I've replaced the binaries with their 4.9 equivalents, and things don't
report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit
reports them as infected again.
Is this similar to the
2004 Aug 18
4
chfn, date, chsh INFECTED according to chkrootkit
I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and
noticed that chfn, date, and chsh showed as being
infected. I remember reading post from the past that
right now chkrootkit is giving a lot of false
positives, so I suspected that these 3 binaries are
not bad.
However, to be on the safe side, I deleted the 3
binaries, removed /usr/src and did a 'make world' to
4.10-STABLE.
But, chfn,
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I
reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
but still...
Can anyone please advise ?
bash-2.05b# chkrootkit | grep INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
--
Jay
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2003 Aug 14
2
chkrootkit reports INFECTED :(
Hi!
Running chkrootkit on newly installed FreeBSD 5.0 got:
-cut-
Checking `basename'... not infected
Checking `biff'... not infected
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `cron'... not infected
Checking `date'... INFECTED
-cut-
Checking `ls'... INFECTED
-cut-
Checking `ps'... INFECTED
Checking `pstree'... not found
-cut-
What does it
2015 Feb 08
2
Did you get my previous email? Not Spam.
On 08/02/15 06:51, Jason Long wrote:
> Thanks a lot.
>
> [root@printmah ~]# getent passwd jason
> jason:*:11303:10513:jason JASON:/home/JASONDOMAIN/jason:/bin/false
>
> But I can't log in to Linux via AD username and it shows me:
>
>
>
> Last login: Sun Feb 8 01:48:32 2015
> Could not chdir to home directory /home/JASONDOMAIN/jason: No such file or directory
2007 Jan 22
5
Problem with xen on Centos-4.4?
I am running a Xen installation on a Centos-4.4 based test box, my desktop
unit, and I am having intermittent problems installing certain pieces of
software. Some time back I posted to this list regarding my inability to
install Adobe Acrobat on this unit and was advised to essentially
repackage the software and try again. This is beyond my present means of
knowledge or time to acquire same and
2003 Sep 10
1
chkrootkit 4.1 and FreeBSD 4.5
Hello!
I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds:
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
Recompiling, say, ls from sources didn't help. False positive or source changed as well?
--
Alex.
2018 Feb 21
1
are there reference lists/cheat sheets for categorized commands?
prepping to teach a 5-day CompTIA linux+ course next week with
CompTIA-supplied courseware and, given that it was my choice, i chose
to set up the classroom with centos 7.4 on all the student systems
since i assume most students are there to learn sysadmin and that's
the most likely platform they'll have when they get back to work.
also, most students are taking this course to prep for the
2017 Aug 30
4
rkhunter and prelink
Can't remember if I posted this before... We're getting warnings from
rkhunter
Warning: Checking for prerequisites [ Warning ]
All file hash checks will be skipped because:
This system uses prelinking, but the hash function command does not
look like SHA1 or MD5.
Now, googling, I find people saying to rm /etc/prelink.cache, then run
rkhunter --propupd.
Works. And then,
2005 Aug 21
3
YUM is seriously fubar
Okay, I have over 9 gigs of spare room on my main hard drive, so I don't
think var is filling up. I've set prelinking to be off (I think), and
yet still, YUM continues to freeze my computer.
If I try to do a search or install, about half the time it will go nuts
on the hard drive, I lose control of the mouse, and eventually I have no
choice but to hard reset.
What's wrong with
2006 Sep 13
5
Re: strange mtime/md5sum behaviour and constantly changing files with links
On Sep 8, 2006, at 5:58 AM, Thorsten Sandfuchs wrote:
> hio,
> as I have some huge files to distribute and md5-sum-checking takes
> SOME time
> for them, I'm trying to switch to mtime/timestamps, but got no
> luck. Regularly
> the mtime seems to change and additionally the md5sums generate
> themselves
> anyway.
I'm pretty sure that the file
2007 Jan 02
1
disabling prelink?
What are the pros and cons of disabling prelinking in CentOS 4?
From what I understand, prelinking is meant to be performance
improvement (faster loading time for binaries). I can see some
potential benefit on workstations where many different processes are
started frequently. But how big is that benefit in real life? Would
I slow down things noticeably if there is no prelinking?
Is
2015 Jun 18
2
NUX Skype for Linux
So, what does this do?
# cat /etc/prelink.conf.d/skype.conf
-b /usr/bin/skype
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax:
2007 Dec 19
1
Prelink: Something's happening here
Can anybody explain to me what's going on here? This is a CentOS 4 i386
system.
[root@edison ~]# rm -f /etc/prelink.cache
[root@edison ~]# /etc/cron.daily/prelink
[root@edison ~]# rpm -qf /usr/bin/sqlite3
sqlite-3.3.6-2
[root@edison ~]# rpm --verify sqlite
prelink: /usr/bin/sqlite3: at least one of file's dependencies has changed
since prelinking
S.?.....
2015 Feb 09
2
Did you get my previous email? Not Spam.
On 09/02/15 06:29, Jason Long wrote:
> Thanks.
> I added the two lines to "smb.conf" but I got the below error:
>
> Could not chdir to home directory /home/jason: No such file or directory
> mkdir: cannot create directory ‘/home/jason’: Permission denied
> -sh-4.2$
>
>
> About "PAM", I have not the file that you said :
>
>
> [root@printmah
2005 Jun 16
3
turning off prelinking?
In short, the reason considering (and still only considering) turning it off is
to make tripwire usable again (security vs. performance, I guess).
Is it possible to completely turn it off system-wide? Any additional steps
needed on the existing system (that already have half of the binaries
prelinked)?
What order of performance degradation to expect? If it is minor, nobody is
going to cry
2008 Aug 19
3
How Can I Tell How Dovecot Was Installed?
I'm trying to help someone with Dovecot, and it looks like this one is
a few versions behind.
They say that they're not sure if it was installed via an RPM or a
source tarball. Dovecot is using MySQL.
This is a RHEL5 server. There are RPMs listed as installed (rpm -qa)
but I don't know how I can tell what was used to install the currently
used setup. (Also asking on the Postfix list.)
2017 Aug 30
2
rkhunter and prelink
On Wed, August 30, 2017 10:43 am, Tony Schreiner wrote:
> This has come up for me on the most recent upgrade, add the line
>
> HASH_CMD=sha1sum
>
> On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
>
>> Can't remember if I posted this before... We're getting warnings from
>> rkhunter
>> Warning: Checking for prerequisites [ Warning
2001 Nov 07
1
winbind and pam files
In the winbind docs it says the following:
"In /etc/pam.d/* replace the auth lines with something
like this:"
By this (/etc/pam.d/*) do they mean that we change ALL
the files in that directory? If not, what files do we
change? Another set of docs i read for winbind stated
that i should change the /etc/pam.d/samba file, but on
my TurboLinux 6.5 and RH 7.1 systems that file doesn't