[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Worried about having been hacked



Hi,
I've checked this out and that was happening, but I've just had this
reported by rkhunter;

Warning: Package manager verification has failed:
         File: /bin/rpm
         Try running the command 'prelink /bin/rpm' to resolve
dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /usr/bin/passwd
         Try running the command 'prelink /usr/bin/passwd' to resolve
dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /usr/bin/perl
         Try running the command 'prelink /usr/bin/perl' to resolve
dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /sbin/chkconfig
         Try running the command 'prelink /sbin/chkconfig' to resolve
dependency errors.
         The file hash value has changed
         The file size has changed

I'm not entirely sure what these errors mean though, have these files
been trojan'ed.

Best regards
James

Rick Stevens wrote:
> Arthur Pemberton wrote:
>> On Mon, Jul 6, 2009 at 12:01 PM, James
>> Allsopp<jamesaallsopp googlemail com> wrote:
>>> Hi,
>>> I've a Fedora core 10 system which spends a lot of the time connected
>>> directly to the internet, with a static ip. The only external ports open
>>> are 80 and 22. SSH only allows access to one non-root user via an rsa
>>> key. I'm using an IPtables script from
>>>
>>>> http://iptables-tutorial.frozentux.net/iptables-tutorial.html
>>> However, I normally get my logs e-mailed to an external account and
>>> they're not getting to me. I'm not sure if they've not been sent or my
>>> logs are being altered and hidden. How do I diagnose this problem, and
>>> in general look for security incursions. I'm thinking of leaving
>>> wireshark running on the external ethernet card and see what happens.
>>>
>>> Thanks, any advice much appreciated.
>>> Jim
>>>
>>
>> Have you checked your Spam folder on the receiving email account?
>> Email sent through the mail command tends to get rated very poorly by
>> spam filters.
> 
> You might check the /var/spool/clientmqueue directory to see if the
> mail's been spooled but not sent out and look at the /var/log/maillog
> file to verify the mail was indeed sent to the external account.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks nerd com -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -     I was married by a judge.  I should have asked for a jury.     -
> -                                                   -- Groucho Marx  -
> ----------------------------------------------------------------------
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]