Re: Hackers are unstoppable!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It seems you wern't hacked. I'd try rkhunter to make sure.
use the dedora repos to install it (not the rpm from the app's site (http://rootkit.nl):
 
yum install rkhunter
rkhunter --update
rkhunter -c
 
all as root, ofcourse.
 
good luck !
 
On 8/29/05, Michael Schwendt <mschwendt.tmp0501.nospam@xxxxxxxx> wrote:
On Sun, 28 Aug 2005 17:43:51 -0400, Webmaster wrote:

> We have not been able to determine how a hacker was eble to crack one of
> our hosts
> and deposit binaries on all the hosts in our network (all hosts are FC3).

Only those unimportant ones you listed? That doesn't look like it was a
hacker.

> A tripwire report shows the following binaries as being modified.

If you use Tripwire, you need to be careful after updates of your
installation. Update the Tripwire database at the right time, also to
accompany everything the prelinking cron job might have done.

> chkrootkit.0.45 sometimes
> reports that an LKM trojan has been installed, but it does not report a
> problem each time it is invoked.

Give an example.  chkrootkit is not 100%, it just provides some default
searches. Threads hidden in the /proc fs can lead to false positives,
and so can rare files which match chkrootkit's checks, but are not
a hacker's work actually.

> Modified:
> "/usr/bin"
> "/usr/bin/411toppm"
> "/usr/bin/asciitopgm"
> "/usr/bin/atktopbm"
> "/usr/bin/bioradtopgm"
> "/usr/bin/bmptopnm"
> "/usr/bin/brushtopbm"
> "/usr/bin/cameratopam"
> "/usr/bin/cmuwmtopbm"
> "/usr/bin/ddbugtopbm"
> "/usr/bin/escp2topbm"
> "/usr/bin/eyuvtoppm"
> "/usr/bin/fiascotopnm"
> "/usr/bin/fitstopnm"
> "/usr/bin/fstopgm"
> "/usr/bin/g3topbm"
> "/usr/bin/gemtopnm"
> "/usr/bin/giftopnm"
> "/usr/bin/gouldtoppm"
> "/usr/bin/hdifftopam"
> "/usr/bin/hipstopgm"
> "/usr/bin/icontopbm"
> "/usr/bin/ilbmtoppm"
> "/usr/bin/imgtoppm"
> "/usr/bin/infotopam"
> "/usr/bin/jbigtopnm"
> "/usr/bin/jpeg2ktopam"
> "/usr/bin/jpegtopnm"
> "/usr/bin/leaftoppm"
> "/usr/bin/lispmtopgm"
> "/usr/bin/macptopbm"
> "/usr/bin/mdatopbm"
> "/usr/bin/mgrtopbm"
> "/usr/bin/mrftopbm"
> "/usr/bin/mtvtoppm"
> "/usr/bin/neotoppm"
> "/usr/bin/palmtopnm"
> "/usr/bin/pamarith"
> "/usr/bin/pamchannel"
> "/usr/bin/pamcomp"
> "/usr/bin/pamcut"
> "/usr/bin/pamdeinterlace"
> "/usr/bin/pamdice"
> "/usr/bin/pamditherbw"
> "/usr/bin/pamedge"
> "/usr/bin/pamendian"
> "/usr/bin/pamenlarge"
> "/usr/bin/pamfile"
> "/usr/bin/pamflip"
> "/usr/bin/pamfunc"
> "/usr/bin/pamgauss"
> "/usr/bin/pamlookup"
> "/usr/bin/pammasksharpen"
> "/usr/bin/pamoil"
> "/usr/bin/pamperspective"
> "/usr/bin/pampop9"
> "/usr/bin/pamscale"
> "/usr/bin/pamseq"
> "/usr/bin/pamsharpmap"
> "/usr/bin/pamsharpness"
> "/usr/bin/pamslice"
> "/usr/bin/pamstack"
> "/usr/bin/pamstereogram"
> "/usr/bin/pamstretch"
> "/usr/bin/pamsumm"
> "/usr/bin/pamsummcol"
> "/usr/bin/pamtodjvurle"
> "/usr/bin/pamtohdiff"
> "/usr/bin/pamtohtmltbl"
> "/usr/bin/pamtojpeg2k"
> "/usr/bin/pamtopfm"
> "/usr/bin/pamtopnm"
> "/usr/bin/pamtotga"
> "/usr/bin/pamtouil"
> "/usr/bin/pbmclean"
> "/usr/bin/pbmlife"
> "/usr/bin/pbmmake"
> "/usr/bin/pbmmask"
> "/usr/bin/pbmpage"
> "/usr/bin/pbmpscale"
> "/usr/bin/pbmreduce"
> "/usr/bin/pbmtext"
> "/usr/bin/pbmtextps"
> "/usr/bin/pbmto10x"
> "/usr/bin/pbmto4425"
> "/usr/bin/pbmtoascii"
> "/usr/bin/pbmtoatk"
> "/usr/bin/pbmtobbnbg"
> "/usr/bin/pbmtocmuwm"
> "/usr/bin/pbmtodjvurle"
> "/usr/bin/pbmtoepsi"
> "/usr/bin/pbmtoepson"
> "/usr/bin/pbmtoescp2"
> "/usr/bin/pbmtog3"
> "/usr/bin/pbmtogem"
> "/usr/bin/pbmtogo"
> "/usr/bin/pbmtoibm23xx"
> "/usr/bin/pbmtoicon"
> "/usr/bin/pbmtolj"
> "/usr/bin/pbmtoln03"
> "/usr/bin/pbmtolps"
> "/usr/bin/pbmtomacp"
> "/usr/bin/pbmtomatrixorbital"
> "/usr/bin/pbmtomda"
> "/usr/bin/pbmtomgr"
> "/usr/bin/pbmtomrf"
> "/usr/bin/pbmtonokia"
> "/usr/bin/pbmtopgm"
> "/usr/bin/pbmtopi3"
> "/usr/bin/pbmtopk"
> "/usr/bin/pbmtoplot"
> "/usr/bin/pbmtoppa"
> "/usr/bin/pbmtopsg3"
> "/usr/bin/pbmtoptx"
> "/usr/bin/pbmtowbmp"
> "/usr/bin/pbmtox10bm"
> "/usr/bin/pbmtoxbm"
> "/usr/bin/pbmtoybm"
> "/usr/bin/pbmtozinc"
> "/usr/bin/pbmupc"
> "/usr/bin/pc1toppm"
> "/usr/bin/pcxtoppm"
> "/usr/bin/pfmtopam"
> "/usr/bin/pgmabel"
> "/usr/bin/pgmbentley"
> "/usr/bin/pgmcrater"
> "/usr/bin/pgmenhance"
> "/usr/bin/pgmhist"
> "/usr/bin/pgmkernel"
> "/usr/bin/pgmminkowski"
> "/usr/bin/pgmmorphconv"
> "/usr/bin/pgmnoise"
> "/usr/bin/pgmramp"
> "/usr/bin/pgmtexture"
> "/usr/bin/pgmtofs"
> "/usr/bin/pgmtolispm"
> "/usr/bin/pgmtopbm"
> "/usr/bin/pgmtopgm"
> "/usr/bin/pgmtoppm"
> "/usr/bin/pi1toppm"
> "/usr/bin/pi3topbm"
> "/usr/bin/pjtoppm"
> "/usr/bin/pktopbm"
> "/usr/bin/pngtopnm"
> "/usr/bin/pnmalias"
> "/usr/bin/pnmcat"
> "/usr/bin/pnmcolormap"
> "/usr/bin/pnmcomp"
> "/usr/bin/pnmconvol"
> "/usr/bin/pnmcrop"
> "/usr/bin/pnmcut"
> "/usr/bin/pnmdepth"
> "/usr/bin/pnmgamma"
> "/usr/bin/pnmhisteq"
> "/usr/bin/pnmhistmap"
> "/usr/bin/pnmindex"
> "/usr/bin/pnminvert"
> "/usr/bin/pnmmontage"
> "/usr/bin/pnmnlfilt"
> "/usr/bin/pnmnorm"
> "/usr/bin/pnmpad"
> "/usr/bin/pnmpaste"
> "/usr/bin/pnmpsnr"
> "/usr/bin/pnmremap"
> "/usr/bin/pnmrotate"
> "/usr/bin/pnmscale"
> "/usr/bin/pnmscalefixed"
> "/usr/bin/pnmshear"
> "/usr/bin/pnmsmooth"
> "/usr/bin/pnmsplit"
> "/usr/bin/pnmstitch"
> "/usr/bin/pnmtile"
> "/usr/bin/pnmtoddif"
> "/usr/bin/pnmtofiasco"
> "/usr/bin/pnmtofits"
> "/usr/bin/pnmtojbig"
> "/usr/bin/pnmtojpeg"
> "/usr/bin/pnmtopalm"
> "/usr/bin/pnmtopclxl"
> "/usr/bin/pnmtopng"
> "/usr/bin/pnmtops"
> "/usr/bin/pnmtorast"
> "/usr/bin/pnmtorle"
> "/usr/bin/pnmtosgi"
> "/usr/bin/pnmtosir"
> "/usr/bin/pnmtotiff"
> "/usr/bin/pnmtotiffcmyk"
> "/usr/bin/pnmtoxwd"
> "/usr/bin/ppm3d"
> "/usr/bin/ppmbrighten"
> "/usr/bin/ppmchange"
> "/usr/bin/ppmcie"
> "/usr/bin/ppmcolormask"
> "/usr/bin/ppmcolors"
> "/usr/bin/ppmdim"
> "/usr/bin/ppmdist"
> "/usr/bin/ppmdither"
> "/usr/bin/ppmflash"
> "/usr/bin/ppmforge"
> "/usr/bin/ppmglobe"
> "/usr/bin/ppmhist"
> "/usr/bin/ppmlabel"
> "/usr/bin/ppmmake"
> "/usr/bin/ppmmix"
> "/usr/bin/ppmntsc"
> "/usr/bin/ppmpat"
> "/usr/bin/ppmrelief"
> "/usr/bin/ppmrough"
> "/usr/bin/ppmshift"
> "/usr/bin/ppmspread"
> "/usr/bin/ppmtoacad"
> "/usr/bin/ppmtoarbtxt"
> "/usr/bin/ppmtobmp"
> "/usr/bin/ppmtoeyuv"
> "/usr/bin/ppmtogif"
> "/usr/bin/ppmtoicr"
> "/usr/bin/ppmtoilbm"
> "/usr/bin/ppmtoleaf"
> "/usr/bin/ppmtolj"
> "/usr/bin/ppmtomitsu"
> "/usr/bin/ppmtompeg"
> "/usr/bin/ppmtoneo"
> "/usr/bin/ppmtopcx"
> "/usr/bin/ppmtopgm"
> "/usr/bin/ppmtopi1"
> "/usr/bin/ppmtopict"
> "/usr/bin/ppmtopj"
> "/usr/bin/ppmtopjxl"
> "/usr/bin/ppmtoppm"
> "/usr/bin/ppmtopuzz"
> "/usr/bin/ppmtorgb3"
> "/usr/bin/ppmtosixel"
> "/usr/bin/ppmtoterm"
> "/usr/bin/ppmtowinicon"
> "/usr/bin/ppmtoxpm"
> "/usr/bin/ppmtoyuv"
> "/usr/bin/ppmtoyuvsplit"
> "/usr/bin/ppmtv"
> "/usr/bin/ppmwheel"
> "/usr/bin/psidtopgm"
> "/usr/bin/pstopnm"
> "/usr/bin/qrttoppm"
> "/usr/bin/rasttopnm"
> "/usr/bin/rawtopgm"
> "/usr/bin/rawtoppm"
> "/usr/bin/rgb3toppm"
> "/usr/bin/rletopnm"
> "/usr/bin/sbigtopgm"
> "/usr/bin/sgitopnm"
> "/usr/bin/sirtopnm"
> "/usr/bin/sldtoppm"
> "/usr/bin/spctoppm"
> "/usr/bin/spottopgm"
> "/usr/bin/sputoppm"
> "/usr/bin/tgatoppm"
> "/usr/bin/thinkjettopbm"
> "/usr/bin/tifftopnm"
> "/usr/bin/wbmptopbm"
> "/usr/bin/winicontoppm"
> "/usr/bin/xbmtopbm"
> "/usr/bin/ximtoppm"
> "/usr/bin/xpmtoppm"
> "/usr/bin/xvminitoppm"
> "/usr/bin/xwdtopnm"
> "/usr/bin/ybmtopbm"
> "/usr/bin/yuvsplittoppm"
> "/usr/bin/yuvtoppm"
> "/usr/bin/zeisstopnm"

Post "rpm --query --all --last | head" please!

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list



--
:====================================================:.

Amichai Rotman

UIN#: 6401746
Registered Linux User#: 201192

-----------------------------------------------------------------------------------

PLEASE READ: http://www.fsf.org/philosophy/no-word-attachments.html

-----------------------------------------------------------------------------------------------------------

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux