[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] hacked raq

Subject: RE: [cobalt-users] hacked raq
From: "GPS" <gps@xxxxxxxxxxxxxx>
Date: Wed Feb 21 13:27:31 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

+From: cobalt-users-admin@xxxxxxxxxxxxxxx
+[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Randy Davis
+Sent: Wednesday, February 21, 2001 2:52 PM
+To: 'cobalt-users@xxxxxxxxxxxxxxx'
+Subject: [cobalt-users] hacked raq
+
+
+I tried to re-install via rpm the util-linux, but the message I
+get from the
+RAQ3 is that it can't rename or move /bin/login.  Any ideas, short of total
+restore?  Thanks!
+
+
+Ciao
+Randy

Try:

$root chattr = /bin/login

or

$root chattr -isa /bin/login

Make sure you check all your other checksums:

  /bin/login                    => { good =>
'e400921eb6a2c84822c5d7de5b4f3057', bad =>
'71ee8a5209228fcaee20a7a33351b594'
  /bin/ls                       => { good =>
'f482ae701e46005a358a01c139f1ae74', bad =>
'a8d752c48d016f03704a1c436fc6d3ef'
  /bin/netstat                  => { good =>
'd0eaec3e6bf397c5a81ce3d19ecd7527', bad =>
'62074bd7cddd43bf572cd0b4d08a0d01'
  /bin/ping                     => { good =>
'9360094b873124bd6b2ac110ea6a5d20', bad =>
'5f0bbd2d9870e4a1c33635bbebd63b86'
  /bin/ps                       => { good =>
'6d16efee5baecce7a6db7d1e1a088813', bad =>
'cfb705dc5a33387ffa2d0419d4e063ce'
  /bin/su                       => { good =>
'231be390b7abe8c8ea5e3d9ee0dc8868', bad =>
'20b6d3f692c401c9be5517902a600b13'
  /etc/rc.d/init.d/network      => { good =>
'02dee8e3f98e15ede99e77726d1db570', bad =>
'4e63e769dcea7d936716bd817e03f895'
  /usr/bin/dir                  => { good =>
'b1713d95fd6664c216ccd113cd1c366a', bad =>
'a8d752c48d016f03704a1c436fc6d3ef'
  /usr/bin/du                   => { good =>
'5b1e21c2ec8de4676d296df4aee68dbb', bad =>
'7dde2f05cefb9c540db0034deabd0e3a'
  /usr/bin/find                 => { good =>
'591b34668b1e346061d316e195a22682', bad =>
'4d43ca6eebab1cfabbc836a80c4e98f3'
  /usr/bin/passwd               => { good =>
'b0ea7b138e3fab9a4d116a3d05685147', bad =>
'66ecbeb731ce42903ba4536060656931'
  /usr/sbin/in.telnetd          => { good =>
'42779825eccdcf19cca89e25d71ab440', bad =>
'b49d6b3e1425a7b81e1212c21ef452ad'
  /usr/sbin/named               => { good =>
'db0778ea46c32dd4fded58df21b84500', bad =>
'20a8796196848e0e393b2ec50da0aba4'
  /usr/sbin/sendmail            => { good =>
'90ccd5bddf9f75d5b6caf78b4fa5f1c1', bad =>
'787e9bb638bd73785f275b78c5b053eb'


Complete restore is your best option.

References:
- [cobalt-users] hacked raq
  - From: Randy Davis

Prev by Date: RE: [cobalt-users] Atdot
Next by Date: [cobalt-users] RAQ2 : mod_perl
Previous by thread: [cobalt-users] hacked raq
Next by thread: Re: [cobalt-users] hacked raq

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index