Re: [cobalt-users] Recent Hacks
- Subject: Re: [cobalt-users] Recent Hacks
- From: "fastmedia" <inc@xxxxxxxxxxxxx>
- Date: Thu Feb 8 19:29:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> The following directory was added and contains the rootkit:
>
> /lib/security/.config
>
These files are dated precisely the same as when I applied
the updated bind rpm from Cobalt:
[root@www /root]# ls -l /lib/security/.config
-rwxr-xr-x 1 root root 14703 Feb 8 16:06 ava
drwxr-xr-x 2 root root 1024 Feb 8 16:06 backup
drwxr-xr-x 2 root root 1024 Feb 8 16:06 bin
-rwxr--r-- 1 root root 4032 Feb 8 16:06 cleaner
-rwxr-xr-x 1 root root 3648 Feb 8 16:06 crypt
-rwxr-xr-x 1 root root 92 Feb 8 16:06 instmod
-rwxr-xr-x 1 root root 5192 Feb 8 16:06 lpsched
-rw------- 1 root root 180703 Feb 8 16:06 nfs-utils-0.1.9.1-1.i386.rpm
-rwxr-xr-x 1 root root 2752 Feb 8 16:06 patcher
-rwxr-xr-x 1 root root 3216 Feb 8 16:06 pg
-rwxr-xr-x 1 root root 8816 Feb 8 16:06 rcp
-rw-r--r-- 1 root root 173 Feb 8 16:06 scan.log
-rw-r--r-- 1 root root 0 Feb 8 16:06 sn
drwxr-xr-x 2 root root 1024 Feb 8 16:06 ssh
-rwxr-xr-x 1 root root 96026 Feb 8 16:06 sshd
-rwxr-xr-x 1 root root 1596 Feb 8 16:06 sz
-rwxr-xr-x 1 root root 3052 Feb 8 16:06 utime
-rwxr-xr-x 1 root root 55604 Feb 8 16:06 wget
Could they be part of this rpm?
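
One way to check the question raised in this message, as an added example that is not part of the original post: ask the RPM database which installed package, if any, owns each file in the directory. The names `RPM_QUERY`, `owner_of` and `audit_dir` are assumptions of this example; the only rpm call used is `rpm -qf`, which exits non-zero for a file that no package owns.

```shell
#!/bin/sh
# Added example (not from the original post): list which entries in a
# directory are claimed by an installed RPM package and which are not.
#
# RPM_QUERY is a hypothetical knob of this example so the ownership query
# can be replaced with a stub on a machine without rpm. The default is the
# real command "rpm -qf <file>".
RPM_QUERY=${RPM_QUERY:-rpm -qf}

# owner_of FILE: print the owning package name; fail if nothing owns FILE.
owner_of() {
    $RPM_QUERY "$1" 2>/dev/null
}

# audit_dir DIR: print one line per entry, hidden entries included:
#   OWNED <package> <path>    the RPM database lists this path
#   UNOWNED <path>            no installed package claims this path
# Returns 1 if at least one unowned entry was found, 0 otherwise.
audit_dir() {
    dir=$1
    found=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        # An unmatched glob stays literal; skip anything that does not exist.
        [ -e "$f" ] || continue
        if pkg=$(owner_of "$f"); then
            echo "OWNED $pkg $f"
        else
            echo "UNOWNED $f"
            found=1
        fi
    done
    return $found
}

# Usage on the directory from this thread:
#   audit_dir /lib/security/.config
```

Files that a package update installed show up as OWNED with that package's name; a matching timestamp alone says nothing about ownership. On a host that may already be compromised, the local rpm binary and database are themselves untrusted, so run the check from known-good media.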