Re: [cobalt-developers] restore original binaries 'ps', 'last' etc.
- Subject: Re: [cobalt-developers] restore original binaries 'ps', 'last' etc.
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Mon Dec 16 09:25:01 2002
- Organization: nobaloney.net
- List-id: Discussion Forum for developers on Sun Cobalt Networks products <cobalt-developers.list.cobalt.com>
WaveWeb wrote:
> Is there a way to check if I still have the original operating system binaries installed on my RaQ4 without making an OS-restore?
>
> -rwxr-xr-x 1 root root 10608 Apr 25 2000 /usr/bin/last*
> -rwxr-xr-x 1 root root 50148 Sep 9 1999 /bin/ls*
> -r-xr-xr-x 1 root root 60080 Mar 7 2000 /bin/ps*
> -rwsr-xr-x 1 root root 14612 May 30 2000 /bin/su*
It's tempting to accept Gerald's response. But there's still a
possibility you've been hacked and don't have the right binaries. You
can have a kernel hack; some of them are almost invisible. You can also
have replacement files on your computer so the checksum and directories
will look right even though they aren't. Both of these hacks are
somewhat common in Linux.
But all is not lost. I highly recommend installing the latest version
of chkrootkit if you don't have it already; running it will detect most
hacks (though there are some kernel hacks it might not find).
You can get it from "http://www.chkrootkit.org/".
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Internet & Unix/Linux/Sun/Cobalt Consulting +1 909 778-9980
Our jblists address used on lists is for list email only
To contact us offlist: "http://www.nobaloney.net/contactus.html"
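
Added example, not part of the original message: a baseline comparison for the binaries named in the question, showing that a replaced file can keep the size and date that `ls -l` reports while its hash differs. It assumes the manifest is built from a known-good copy (such as the original install media) and that the check runs from a trusted environment with the suspect disk mounted at `root`, since tools on a compromised host can report false results; `fingerprint`, `build_manifest`, `verify` and `demo` are hypothetical names and the sample files are constructed.

```python
import hashlib, os, stat, tempfile

def fingerprint(path):
    """Return (sha256 hex digest, size, permission bits) for one file."""
    st = os.stat(path)
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return digest, st.st_size, stat.S_IMODE(st.st_mode)

def build_manifest(root, rel_paths):
    """Record fingerprints from a known-good tree, e.g. the original install media."""
    return {rel: fingerprint(os.path.join(root, rel)) for rel in rel_paths}

def verify(root, manifest):
    """Compare a suspect tree mounted at root; return {path: [what differs]}."""
    findings = {}
    for rel, expected in manifest.items():
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            findings[rel] = ["missing"]
            continue
        actual = fingerprint(path)
        diffs = [name for name, e, a
                 in zip(("hash", "size", "mode"), expected, actual) if e != a]
        if diffs:
            findings[rel] = diffs
    return findings

def demo():
    """Constructed sample: bin/ps is swapped for a same-size file with its old mtime."""
    names = ("ps", "ls", "su")
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as suspect:
        for root in (good, suspect):
            os.mkdir(os.path.join(root, "bin"))
            for name in names:
                with open(os.path.join(root, "bin", name), "wb") as f:
                    f.write(b"ORIGINAL-" + name.encode() + b"\0" * 64)
        manifest = build_manifest(good, ["bin/" + n for n in names])
        ps = os.path.join(suspect, "bin", "ps")
        before = os.stat(ps)
        with open(ps, "wb") as f:  # same length as the original content
            f.write(b"TROJANED-" + b"ps" + b"\0" * 64)
        os.utime(ps, ns=(before.st_atime_ns, before.st_mtime_ns))  # restore the date
        after = os.stat(ps)
        listing_unchanged = ((before.st_size, before.st_mtime_ns)
                             == (after.st_size, after.st_mtime_ns))
        return listing_unchanged, verify(suspect, manifest)

if __name__ == "__main__":
    print(demo())
```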