Hackers are unstoppable!

Amichai Rotman poder.pinguino at gmail.com
Mon Aug 29 08:55:53 UTC 2005


It seems you weren't hacked. I'd try rkhunter to make sure.
Use the Fedora repos to install it (not the rpm from the app's site
(http://rootkit.nl)):

    yum install rkhunter
    rkhunter --update
    rkhunter -c

All as root, of course.

Good luck!

On 8/29/05, Michael Schwendt <mschwendt.tmp0501.nospam at arcor.de> wrote:
> 
> On Sun, 28 Aug 2005 17:43:51 -0400, Webmaster wrote:
> 
> > We have not been able to determine how a hacker was able to crack one of
> > our hosts
> > and deposit binaries on all the hosts in our network (all hosts are FC3).
> 
> Only those unimportant ones you listed? That doesn't look like it was a
> hacker.
> 
> > A tripwire report shows the following binaries as being modified.
> 
> If you use Tripwire, you need to be careful after updates of your
> installation. Update the Tripwire database at the right time, also to
> accompany everything the prelinking cron job might have done.
> 
> > chkrootkit.0.45 sometimes
> > reports that an LKM trojan has been installed, but it does not report a
> > problem each time it is invoked.
> 
> Give an example. chkrootkit is not 100%, it just provides some default
> searches. Threads hidden in the /proc fs can lead to false positives,
> and so can rare files which match chkrootkit's checks, but are not
> a hacker's work actually.
> 
> > Modified:
> 
> Post "rpm --query --all --last | head" please!
> 



-- 
:====================================================:.

Amichai Rotman

UIN#: 6401746
Registered Linux User#: 201192

-----------------------------------------------------------------------------------

PLEASE READ: http://www.fsf.org/philosophy/no-word-attachments.html

-----------------------------------------------------------------------------------------------------------
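
Michael's reply attributes the Tripwire hits to a baseline that was not refreshed after package updates and the prelinking cron job. As an added example (not part of the original thread), this shell function cross-checks a Tripwire "Modified:" list against the RPM database with `rpm -qf` and `rpm -Vf`; the function name `triage_modified` and its status labels are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread: triage_modified is a hypothetical helper.
# Reads Tripwire "Modified:" paths on stdin (one per line, quotes optional) and
# prints STATUS<TAB>PACKAGE<TAB>PATH, judged against the RPM database:
#   OK       rpm -V reports no digest mismatch (Tripwire baseline likely stale)
#   CHANGED  rpm -V flags the file digest ('5' in the third column)
#   MISSING  the package lists the file but it is gone
#   UNOWNED  no package owns the file; inspect it by hand
# The RPM database lives on the same host, so treat OK as a hint, not proof.
triage_modified() {
    while IFS= read -r tm_path; do
        tm_path=${tm_path#\"}; tm_path=${tm_path%\"}   # strip Tripwire's quotes
        [ -n "$tm_path" ] || continue
        # Directories are reported whenever any file inside them was replaced.
        if [ -d "$tm_path" ]; then continue; fi
        if tm_pkg=$(rpm -qf --qf '%{NAME}\n' "$tm_path" 2>/dev/null); then
            tm_pkg=$(printf '%s\n' "$tm_pkg" | head -n 1)
        else
            printf 'UNOWNED\t-\t%s\n' "$tm_path"
            continue
        fi
        # rpm -Vf verifies the whole owning package; keep only this file's line.
        tm_flags=$(rpm -Vf "$tm_path" 2>/dev/null |
                   awk -v p="$tm_path" '$NF == p { print $1 }')
        case $tm_flags in
            missing) tm_status=MISSING ;;
            ??5*)    tm_status=CHANGED ;;
            *)       tm_status=OK ;;
        esac
        printf '%s\t%s\t%s\n' "$tm_status" "$tm_pkg" "$tm_path"
    done
}
```

Pipe the path list from the report into `triage_modified` as root; any `CHANGED` or `UNOWNED` line is where a closer look should start.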