similar to: unverified files in 5.4

Has anyone else seen chkrootkit (version 0.43) on 4.10-prerelease or later report chfn, chsh, and date as infected? I built world yesterday, and my nightly chkrootkit reports this on run. I've replaced the binaries with their 4.9 equivalents, and things don't report as infected. I upgrade the 4.9 machine to 4.10, and chkrootkit reports them as infected again. Is this similar to the

I ran chkrootkit ( v. chkrootkit-0.43 ) earlier and noticed that chfn, date, and chsh showed as being infected. I remember reading post from the past that right now chkrootkit is giving alot of false positives, so I suspected that these 3 binaries are not bad. However, to be on the safe side, I deleted the 3 binaries, removed /usr/src and did a 'make world' to 4.10-STABLE. But, chfn,

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Hi! Running chkrootkit on newly installed FreeBSD 5.0 got: -cut- Checking `basename'... not infected Checking `biff'... not infected Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `cron'... not infected Checking `date'... INFECTED -cut- Checking `ls'... INFECTED -cut- Checking `ps'... INFECTED Checking `pstree'... not found -cut- What does it

On 08/02/15 06:51, Jason Long wrote: > Thanks a lot. > > [root at printmah ~]# getent passwd jason > jason:*:11303:10513:jason JASON:/home/JASONDOMAIN/jason:/bin/false > > But I can't login to Linux via AD username and it show me : > > > > Last login: Sun Feb 8 01:48:32 2015 > Could not chdir to home directory /home/JASONDOMAIN/jason: No such file or directory

I am running a Xen installation on a Centos-4.4 based test box, my desktop unit, and I am having intermittent problems installing certain pieces of software. Some time back I posted to this list regarding my inability to install Adobe Acrobat on this unit and was advised to essentially repackage the software and try again. This is beyond my present means of knowledge or time to acquire same and

Hello! I've found that on two FreeBSD 4.5-RELEASE boxes chkrootkit finds: Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED recompiling, say, ls from souces didn't help. False positive or source changed as well? -- Alex.

prepping to teach a 5-day CompTIA linux+ course next week with CompTIA-supplied courseware and, given that it was my choice, i chose to set up the classroom with centos 7.4 on all the student systems since i assume most students are there to learn sysadmin and that's the most likely platform they'll have when they get back to work. also, most students are taking this course to prep for the

Can't remember if I posted this before... We're getting warnings from rkhunterWarning: Checking for prerequisites [ Warning ] All file hash checks will be skipped because: This system uses prelinking, but the hash function command does not look like SHA1 or MD5. Now, googling, I find people saying to rm /etc/prelink.cache, then run rkhunter --propupd. Works. And then,

Okay, I have over 9 gigs of spare room on my main hard drive, so I don't think var is filling up. I've set prelinking to be off (I think), and yet still, YUM continues to freeze my computer. If I try to do a search or install, about half the time it will go nuts on the hard drive, I lose control of the mouse, and eventually I have no choice but to hard reset. What's wrong with

On Sep 8, 2006, at 5:58 AM, Thorsten Sandfuchs wrote: > hio, > as I have some huge files to distribute and md5-sum-checking takes > SOME time > for them, I''m trying to switch to mtime/timestamps, but got no > luck. Regularly > the mtime seems to change and additionally the md5sums generate > themselves > anyway. I''m pretty sure that the file

What are the pros and cons of disabling prelinking in CentOS 4? From what I understand, prelinking is ment to be performance improvement (faster loading time for binaries). I can see some potential benefit on workstations where many different processes are started frequently. But how big is that benefit in real life? Would I slow down things noticably if there is no prelinking? Is

So, what does this do? # cat /etc/prelink.conf.d/skype.conf -b /usr/bin/skype -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax:

Can anybody explain to me what's going on here? This is a CentOS 4 i386 system. [root at edison ~]# rm -f /etc/prelink.cache [root at edison ~]# /etc/cron.daily/prelink [root at edison ~]# rpm -qf /usr/bin/sqlite3 sqlite-3.3.6-2 [root at edison ~]# rpm --verify sqlite prelink: /usr/bin/sqlite3: at least one of file's dependencies has changed since prelinking S.?.....

On 09/02/15 06:29, Jason Long wrote: > Thanks. > I added the Two lines to "smb.conf" but I got below error : > > Could not chdir to home directory /home/jason: No such file or directory > mkdir: cannot create directory ?/home/jason?: Permission denied > -sh-4.2$ > > > About "PAM", I have not the file that you said : > > > [root at printmah

In short, the reason considering (and still only considering) turning it off is to make tripwire usable again (security vs. performance, I guess). Is it possible to completely turn it off system-wide? Any additional steps needed on the existing system (that already have half of the binaries prelinked)? What order of performance degradation to expect? If it is minor, nobody is going to cry

I'm trying to help someone with Dovecot, and it looks like this one is a few versions behind. They say that they're not sure if it was installed Via an RPM or a source tarball. Dovecot is use MySQL. This is a RHEL5 server. There are RPMs listed as installed (rpm -qa) but I don't know how I can tell what was used to install the currently used set up. (also asking on the Postifix list)

On Wed, August 30, 2017 10:43 am, Tony Schreiner wrote: > This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting warnings from >> rkhunterWarning: Checking for prerequisites [ Warning

In the winbind docs it says the following: "In /etc/pam.d/* replace the auth lines with something like this:" By this (/etc/pam.d/*) do they mean that we change ALL the files in that directory? If not, what files do we change? Another set of docs i read for winbind stated that i should change the /etc/pam.d/samba file, but on my TurboLinux 6.5 and RH 7.1 systems that file doesn't