Thanks for all of your help. I appreciate the information. I suspected I'd been hacked but wasn't sure. Which is why I started all of this to see if I should bring the machines up2date or whether I should upgrade to 7.1 (someone suggested 7.3). I'm going to do what you suggest but install 7.3 instead. I guess the install from scratch will re-format the disks and this hack will disappear. Is that right?
I was also told by someone that the dns files should be tested first on a 7.x box (I have a 7.1 box but it's not running bind yet)

Thanks again.

Ernie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Schwendt
Sent: Wednesday, January 29, 2003 10:16 AM
To: [EMAIL PROTECTED]
Subject: Re: Updating RH Linux 6.2

On Wed, 29 Jan 2003 09:14:26 -0500, Ernest Ellingson wrote:

> [root@NS2 /bin]# lsattr / | grep bin
> lsattr: Inappropriate ioctl for device While reading flags on //proc
> sucSiadA //bin
> sucSiadA //sbin
> -------- //bin2
>
> //bin2 is the directory I created last night and used mv to copy the
> files from bin to bin2

You see? /bin and /sbin have *all* attributes set (see "man chattr").

> I've attached rpm-Va.txt. All of the packages have a V so they look
> OK.

No, far from it. Several important binaries didn't pass the MD5 checksum check: ls, ps, top, netstat, ifconfig, telnet-server, PAM files, even an initscript! It might be that someone plays with you already. Get the machine off the network as soon as possible and re-install! Repairing the system is not an option for you.

> I don't understand the nomenclature on the directories.

Read "man rpm" section VERIFY OPTIONS on what the flags mean.

> I'm not
> sure about the missing files. The only services that run on the
> machine are (telnet, ftp, sendmail not open outside the lan) and named
> (open to the internet.) Although for a month or so last fall, when we
> moved the site the firewall rules had these machines pretty much naked
> to the world.

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
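
Added example, not part of the original messages: a small Python triage of "rpm -Va" output that separates MD5 (flag 5) failures on packaged program files from edited config files and missing files, using the flag letters documented under VERIFY OPTIONS in "man rpm". The function names and the sample lines are constructed for illustration; the sample is not the rpm-Va.txt attachment from the thread.

```python
import re

# Column order of rpm's verify flags ("man rpm", VERIFY OPTIONS). A "." means
# the test passed, "?" means it could not be run. Older rpm prints 8 columns.
FLAG_NAMES = {"S": "size", "M": "mode", "5": "MD5 digest", "D": "device",
              "L": "symlink", "U": "user", "G": "group", "T": "mtime",
              "P": "capabilities"}
ENTRY = re.compile(r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
                   r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$")

def parse_verify(text):
    """Yield (flags, kind, path) for each recognisable line of rpm -Va output."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("flags"), m.group("kind"), m.group("path")

def triage(text):
    """Group results: changed program files, changed configs, missing files."""
    report = {"binaries": [], "configs": [], "missing": []}
    for flags, kind, path in parse_verify(text):
        if flags == "missing":
            report["missing"].append(path)
        elif "5" in flags:
            # Content changed. Expected for config files an admin edits,
            # never expected for packaged executables such as /bin/ls.
            report["configs" if kind == "c" else "binaries"].append(path)
    return report

def explain(flags):
    """Translate a flag column such as 'S.5....T' into test names."""
    return [FLAG_NAMES[c] for c in flags if c in FLAG_NAMES]

# Constructed sample input (assumption), in the format rpm -Va prints.
SAMPLE = """\
S.5....T c /etc/named.conf
S.5....T   /bin/ls
SM5....T   /sbin/ifconfig
.......T c /etc/sendmail.cf
.M......   /var/spool/mail
missing    /usr/doc/example/README
"""

if __name__ == "__main__":
    for group, paths in triage(SAMPLE).items():
        print(group, paths)
```

On a host that may already be compromised, the rpm binary and its database can be altered too, so output like this is only trustworthy when rpm is run from known-good media against the mounted disk.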