On Mon, 12 Nov 2012 13:58:56 +0100 "Angus McIntyre"
<[email protected]> wrote:
>Does anyone know whether these changes could legitimately have
>been triggered by either (a) installing ImageMagick, or (b) using
>setuid for the first time? Or has installing ImageMagick opened a
>vulnerability that has been promptly exploited by some ingenious
>hacker?
Let's not guess or speculate but ask you to post nfo:
- from syslog or yum.log the packages that got installed as deps of
ImageMagick,
- the result of running 'rpm -Vv' on those package names filtered
with 'grep -v "^\.\{8\}",
- the relevant rkhunter.log entries.
Cheers,
unSpawn
---
------------------------------------------------------------------------------
Monitor your physical, virtual and cloud infrastructure from a single
web console. Get in-depth insight into apps, servers, databases, vmware,
SAP, cloud infrastructure, etc. Download 30-day Free Trial.
Pricing starts from $795 for 25 servers or applications!
http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
