-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 What do you get when running
lsattr / | grep bin ? - --------------------------- [root@NS2 /bin]# lsattr / | grep bin lsattr: Inappropriate ioctl for device While reading flags on //proc sucSiadA //bin sucSiadA //sbin - -------- //bin2 //bin2 is the directory I created last night and used mv to copy the files from bin to bin2 - -------------------------------------------- It might be that your system has been compromised and the hacker tries to protect /bin from being modified. Take a good look at all your security relevant installed packages with rpm -qa --last | less rpm -qa | xargs -n 1 -t rpm -V &> rpm-Va.txt less rpm-Va.txt - ---------------------------------------------- I've done this as well. All of the dates on the packages look OK. They all were installed in July of 2000 except for those I installed yesterday. I've attached rpm-Va.txt. All of the pacages have a V so they look OK. I don't understand the nomenclature on the directories. I'm not sure about the missing files. The only services that run on the machine are (telnet, ftp, sendmail not open outside the lan) and named (open to the internet.) Although for a month or so last fall, when we moved the site the firewall rules had these machines pretty much naked to the world. Thanks for all of your help. Ernie -----BEGIN PGP SIGNATURE----- Version: PGP 8.0 - not licensed for commercial use: www.pgp.com iQA/AwUBPjfhqcUiEXIf88BHEQKaigCgo5qByBe/COWMHY6BDQSbVXJSW9UAn2xw r8ADvfqmc8HOvAHOfHYE/YCJ =ASjJ -----END PGP SIGNATURE-----
rpm -V ElectricFence-2.1-3 rpm -V setup-2.1.8-1 S.5....T c /etc/hosts.allow S.5....T c /etc/services missing /var/log/lastlog rpm -V filesystem-1.3.5-1 .....U.. /root rpm -V basesystem-6.0-4 rpm -V ldconfig-1.9.5-16 rpm -V glibc-2.1.3-15 .......T c /etc/localtime .......T c /etc/nsswitch.conf rpm -V shadow-utils-19990827-10 rpm -V mktemp-1.5-2 rpm -V termcap-10.2.7-9 rpm -V libtermcap-2.0.8-20 rpm -V bash-1.14.7-22 rpm -V MAKEDEV-2.5.2-1 rpm -V ncurses-5.0-11 rpm -V info-4.0-5 S.5....T c /etc/info-dir rpm -V ORBit-0.5.0-3 rpm -V SysVinit-2.78-5 rpm -V grep-2.4-3 rpm -V XFree86-libs-3.3.6-20 rpm -V chkconfig-1.1.2-1 rpm -V XFree86-xfs-3.3.6-20 rpm -V anacron-2.1-6 rpm -V anonftp-3.0-3 rpm -V fileutils-4.0-21 S.5....T /bin/ls rpm -V mailcap-2.0.6-1 ..5....T c /etc/mime.types rpm -V textutils-2.0a-2 rpm -V apache-1.3.12-2 S.5....T c /etc/httpd/conf/httpd.conf missing /var/log/httpd rpm -V apache-manual-1.3.12-2 rpm -V apmd-3.0final-2 rpm -V arpwatch-2.1a4-19 rpm -V ash-0.2-20 rpm -V at-3.1.7-14 .M...... /var/spool/at/.SEQ rpm -V audiofile-0.1.9-3 rpm -V authconfig-3.0.3-1 rpm -V autoconf-2.13-5 rpm -V automake-1.4-6 rpm -V bash2-2.03-8 rpm -V bash2-doc-2.03-8 rpm -V bc-1.05a-5 rpm -V bdflush-1.5-11 rpm -V bind-8.2.2_P5-9 rpm -V bind-utils-8.2.2_P5-9 rpm -V binutils-2.9.5.0.22-6 rpm -V bison-1.28-2 rpm -V byacc-1.9-12 rpm -V bzip2-0.9.5d-2 rpm -V caching-nameserver-6.2-2 missing /etc/named.boot S.5....T c /etc/named.conf .....UGT c /var/named/named.ca S.5..UGT c /var/named/named.local rpm -V cdecl-2.5-10 rpm -V sed-3.02-6 rpm -V console-tools-19990829-10 rpm -V e2fsprogs-1.18-5 rpm -V rmt-0.4b15-1 rpm -V cpio-2.4.2-16 rpm -V cpp-1.1.2-30 rpm -V cproto-4.6-3 rpm -V cracklib-2.7-5 rpm -V cracklib-dicts-2.7-5 rpm -V crontabs-1.7-7 rpm -V ctags-3.4-1 rpm -V cvs-1.10.7-7 rpm -V dev-2.7.18-3 .M...... /dev/hdc .M...... /dev/log ......G. /dev/tty1 ......G. /dev/tty2 ......G. /dev/tty3 ......G. /dev/tty4 ......G. /dev/tty5 ......G. /dev/tty6 rpm -V dev86-0.15.0-2 rpm -V diffstat-1.27-2 rpm -V diffutils-2.7-17 rpm -V dosfstools-2.2-4 rpm -V dump-0.4b15-1 rpm -V ed-0.2-13 rpm -V egcs-1.1.2-30 rpm -V egcs-c++-1.1.2-30 rpm -V eject-2.0.2-4 rpm -V esound-0.2.17-2 rpm -V etcskel-2.3-1 rpm -V file-3.28-2 rpm -V findutils-4.1-34 rpm -V flex-2.5.4a-9 rpm -V freetype-1.3.1-5 rpm -V ftp-0.16-3 rpm -V gawk-3.0.4-2 rpm -V gd-1.3-6 rpm -V gd-devel-1.3-6 rpm -V gdb-4.18-11 rpm -V gdbm-1.8.0-3 rpm -V gdbm-devel-1.8.0-3 rpm -V gettext-0.10.35-17 rpm -V getty_ps-2.0.7j-9 rpm -V git-4.3.19-2 rpm -V glib-1.2.6-3 rpm -V kernel-headers-2.2.14-5.0 S.5....T /boot/kernel.h rpm -V glibc-devel-2.1.3-15 rpm -V gmp-2.0.2-13 rpm -V gnome-audio-1.0.0-8 rpm -V gnome-libs-1.0.55-12 .M....G. /usr/sbin/gnome-pty-helper rpm -V gnupg-1.0.1-1 rpm -V gpm-1.18.1-7 rpm -V gpm-devel-1.18.1-7 rpm -V groff-1.15-8 rpm -V gtk+-1.2.6-7 rpm -V gzip-1.2.4a-2 rpm -V hdparm-3.6-4 rpm -V imlib-1.9.7-3 rpm -V indexhtml-6.2-1 rpm -V inetd-0.16-4 S.5....T c /etc/inetd.conf rpm -V initscripts-5.00-1 .......T c /etc/inittab S.5....T c /etc/rc.d/init.d/functions rpm -V install-guide-3.2-3 rpm -V intimed-1.10-10 rpm -V ipchains-1.3.9-5 rpm -V iputils-20000121-2 rpm -V isapnptools-1.21b-1 rpm -V kbdconfig-1.9.2.4-1 rpm -V kdoc-2.0-0.20000201 rpm -V kernel-2.2.14-5.0 .......T c /sbin/installkernel rpm -V kernel-BOOT-2.2.14-5.0 rpm -V kernel-doc-2.2.14-5.0 rpm -V kernel-pcmcia-cs-2.2.14-5.0 S.5....T c /etc/sysconfig/pcmcia rpm -V kernel-source-2.2.14-5.0 rpm -V kernel-utils-2.2.14-5.0 rpm -V krb5-configs-1.1.1-9 rpm -V krb5-devel-1.1.1-9 rpm -V krb5-libs-1.1.1-9 rpm -V kudzu-0.36-2 rpm -V kudzu-devel-0.36-2 rpm -V ld.so-1.9.5-13 rpm -V less-346-2 rpm -V libc-5.3.12-31 rpm -V libgr-2.0.13-23 rpm -V libgr-devel-2.0.13-23 rpm -V libgr-progs-2.0.13-23 rpm -V libjpeg-6b-10 rpm -V libjpeg-devel-6b-10 rpm -V libpng-1.0.5-3 rpm -V libpng-devel-1.0.5-3 rpm -V libstdc++-2.9.0-30 rpm -V libtermcap-devel-2.0.8-20 rpm -V libtiff-3.5.4-5 rpm -V libtiff-devel-3.5.4-5 rpm -V m4-1.4-12 rpm -V tcsh-6.09-4 rpm -V perl-5.00503-10 rpm -V libtool-1.3.4-3 rpm -V libungif-4.1.0-4 rpm -V libungif-devel-4.1.0-4 rpm -V libxml-1.8.6-2 rpm -V lilo-0.21-15 rpm -V pwdb-0.61-0 rpm -V pam-0.72-6 rpm -V sh-utils-2.0-5 rpm -V redhat-release-6.2-1 rpm -V linuxconf-1.17r2-6 .M...... c /etc/conf.linuxconf missing /var/log/htmlaccess.log missing /var/log/netconf.log rpm -V linuxconf-devel-1.17r2-6 rpm -V logrotate-3.3.2-1 rpm -V losetup-2.10f-1 rpm -V lsof-4.47-2 rpm -V ltrace-0.3.10-2 rpm -V mailx-8.1.1-10 rpm -V make-3.78.1-4 rpm -V man-1.5h1-1 rpm -V man-pages-1.28-6 rpm -V mingetty-0.9.4-11 rpm -V mkbootdisk-1.2.5-3 rpm -V mkinitrd-2.4.1-2 rpm -V mod_perl-1.21-10 rpm -V modutils-2.3.9-6 rpm -V mount-2.10f-1 rpm -V mouseconfig-4.4-1 rpm -V mt-st-0.5b-7 rpm -V mtools-3.9.6-3 rpm -V ncompress-4.2.4-15 rpm -V ncurses-devel-5.0-11 rpm -V net-tools-1.54-4 S.5....T /bin/netstat S.5....T /sbin/ifconfig rpm -V newt-0.50.8-2 rpm -V newt-devel-0.50.8-2 rpm -V ntsysv-1.1.2-1 rpm -V openldap-1.2.9-5 rpm -V passwd-0.64.1-1 S.5....T c /etc/pam.d/passwd rpm -V patch-2.5-10 rpm -V pciutils-2.1.5-2 rpm -V pciutils-devel-2.1.5-2 rpm -V phhttpd-0.1.0-4 missing /var/log/phhttpd rpm -V php-3.0.15-2 S.5....T c /etc/httpd/php3.ini rpm -V php-imap-3.0.15-2 rpm -V php-ldap-3.0.15-2 rpm -V php-manual-3.0.15-2 rpm -V php-pgsql-3.0.15-2 rpm -V phpfi-2.0.1-12 rpm -V pidentd-3.0.10-5 rpm -V pmake-2.1.34-3 rpm -V popt-1.5-0.48 rpm -V portmap-4.0-19 rpm -V postgresql-6.5.3-6 rpm -V procinfo-17-4 rpm -V procmail-3.14-2 rpm -V procps-2.0.6-5 SM5....T /bin/ps SM5....T /usr/bin/top rpm -V psmisc-19-2 rpm -V pump-0.7.8-1 rpm -V python-1.5.2-13 rpm -V python-docs-1.5.2-13 rpm -V pythonlib-1.23-1 rpm -V quota-2.00pre3-2 rpm -V raidtools-0.90-6 rpm -V rcs-5.7-11 rpm -V rdate-1.0-1 rpm -V readline-2.2.1-6 rpm -V readline-devel-2.2.1-6 rpm -V redhat-logos-1.1.0-2 rpm -V rootfiles-5.2-5 rpm -V rpm-3.0.4-0.48 rpm -V rpm-build-3.0.4-0.48 rpm -V rpm-devel-3.0.4-0.48 rpm -V samba-2.0.6-9 S.5....T c /etc/smbusers missing /var/log/samba rpm -V samba-client-2.0.6-9 rpm -V samba-common-2.0.6-9 S.5....T c /etc/smb.conf rpm -V sash-3.4-2 rpm -V screen-3.9.5-4 rpm -V sendmail-8.9.3-20 S.5....T c /etc/aliases ......G. /etc/aliases.db S.5....T c /etc/mail/access S.5....T c /etc/sendmail.cf S.5....T c /etc/sendmail.cw S.5....T c /etc/sendmail.mc missing /var/log/sendmail.st rpm -V sendmail-cf-8.9.3-20 rpm -V sendmail-doc-8.9.3-20 rpm -V setserial-2.15-3 rpm -V setuptool-1.2-5 rpm -V shapecfg-2.2.12-2 rpm -V sharutils-4.2.1-2 rpm -V slang-1.2.2-5 rpm -V slang-devel-1.2.2-5 rpm -V slocate-2.1-2 rpm -V stat-1.5-12 rpm -V strace-4.2-1 rpm -V svgalib-1.4.1-2 rpm -V svgalib-devel-1.4.1-2 rpm -V sysklogd-1.3.31-16 rpm -V tar-1.13.17-3 rpm -V tcp_wrappers-7.6-10 rpm -V telnet-0.16-6 rpm -V telnet-server-0.16-6 S.5..... /usr/sbin/in.telnetd rpm -V time-1.7-9 rpm -V timeconfig-3.0.3-2 rpm -V timed-0.16-2 rpm -V tmpwatch-2.2-1 rpm -V traceroute-1.4a5-18 rpm -V unzip-5.40-2 rpm -V utempter-0.5.2-2 rpm -V util-linux-2.10f-7 S.5....T c /etc/pam.d/login rpm -V vim-common-5.6-11 .......T /usr/share/vim/vim56/doc/help.txt rpm -V vim-minimal-5.6-11 rpm -V vixie-cron-3.0.1-40 rpm -V which-2.9-2 rpm -V words-2-12 rpm -V wu-ftpd-2.6.0-3 S.5..... c /etc/ftpusers rpm -V xntp3-5.93-14 S.5....T c /etc/ntp.conf missing /etc/ntp/step-tickers rpm -V xpm-3.4k-2 rpm -V yp-tools-2.4-1 rpm -V ypbind-3.3-28 .......T c /etc/yp.conf rpm -V ypserv-1.3.9-3 rpm -V zip-2.3-4 rpm -V zlib-1.1.3-6 rpm -V zlib-devel-1.1.3-6 rpm -V gnu-pop3d-0.9.8-2 rpm -V db3-3.1.17-4.6x rpm -V rpm-python-4.0.2-6x Unsatisfied dependencies for rpm-python-4.0.2-6x: rpm = 4.0.2, librpmio.so.0
