
FW: [cobalt-users] hacked raq



+From: cobalt-users-admin@xxxxxxxxxxxxxxx
+[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Randy Davis
+Sent: Wednesday, February 21, 2001 2:52 PM
+To: 'cobalt-users@xxxxxxxxxxxxxxx'
+Subject: [cobalt-users] hacked raq
+
+
+I tried to re-install via rpm the util-linux, but the message I get from the
+RAQ3 is that it can't rename or move /bin/login.  Any ideas, short of total
+restore?  Thanks!
+
+
+Ciao
+Randy

Try:

$root chattr = /bin/login

or 

$root chattr -isa /bin/login

Make sure you check all your other checksums:



Complete restore is your best option.
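
The two steps in the reply above, looking for attribute flags that block replacing a file and comparing checksums, combined into one read-only audit script (an added example, not part of the original thread). The manifest format (plain `md5sum` output), the function names and the report format are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original thread. Assumed manifest format: the
# output of `md5sum`, one "<md5>  <path>" per line, made from a clean system.

# flagged_attrs LINE: from one line of default `lsattr` output, print which of
# s (secure delete), i (immutable), a (append-only) are set; empty if none.
flagged_attrs() {
    flags=${1%% *}                  # first field, e.g. "s---ia-------"
    out=""
    for f in s i a; do
        case $flags in *"$f"*) out="$out$f" ;; esac
    done
    printf '%s\n' "$out"
}

# check_md5 PATH MANIFEST: print OK, MISMATCH, UNLISTED or MISSING.
check_md5() {
    [ -f "$1" ] || { echo MISSING; return 0; }
    want=$(awk -v p="$1" '$2 == p { print $1; exit }' "$2")
    [ -n "$want" ] || { echo UNLISTED; return 0; }
    have=$(md5sum "$1" | awk '{ print $1 }')
    if [ "$have" = "$want" ]; then echo OK; else echo MISMATCH; fi
}

# audit MANIFEST: one report line per listed path, changing nothing on disk.
audit() {
    while read -r _sum path; do
        if line=$(lsattr -d "$path" 2>/dev/null); then
            attrs=$(flagged_attrs "$line")
            attrs=${attrs:-none}
        else
            attrs=unknown           # missing file, or filesystem without attributes
        fi
        printf '%s md5=%s attrs=%s\n' "$path" "$(check_md5 "$path" "$1")" "$attrs"
    done < "$1"
}

if [ "$#" -eq 1 ]; then audit "$1"; fi
```

On a compromised host the system's own md5sum, lsattr and shell cannot be trusted, so run this with tools taken from known-good media and a manifest built on a clean system.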