Groups | Search | Server Info | Keyboard shortcuts | Login | Register

Groups > comp.os.linux.security > #220

Re: Security breach?

From GangGreene <GangGreene@example.com>
Newsgroups comp.os.linux.security
Subject Re: Security breach?
Date 2013-01-13 10:45 -0500
Organization A noiseless patient Spider
Message-ID <gd1bs9-ctc.ln1@crazy-horse.bildanet.com> (permalink)
References (10 earlier) <iL6Is.20389$KS4.4121@newsfe11.iad> <XnsA146B1F1F1686MyBigKitty@216.196.97.131> <slrnkf48sj.rpi.BitTwister@wb.home.test> <hklas9-okc.ln1@crazy-horse.bildanet.com> <slrnkf5ieu.kia.BitTwister@wb.home.test>

Show all headers | View raw

On Sun, 13 Jan 2013 14:51:10 +0000, Bit Twister wrote:

> On Sun, 13 Jan 2013 07:24:17 -0500, GangGreene wrote:
>> On Sun, 13 Jan 2013 03:01:39 +0000, Bit Twister wrote:
>>
>>> On Sat, 12 Jan 2013 16:29:53 -0600, Ohmster wrote:
>>> 
>>>> this case. Now I will install tripwire and rkhunter while clean to
>>>> further protect against these attacks.
>>> 
>>> I tried tripwire awhile back. A bit complicated for me. That is why I
>>> went with http://sourceforge.net/projects/aide
>>
>> If you are using a rpm based distro then rpm -V -a is your friend.
> 
> But not your best friend.  8-)
> 
> It will not tell you about any new applications installed by some other
> method.
> 
> What if the cracker used rpm to install malware?  :-(

It will show if any installed file has changed from the original rpm file
(s).  From that information you will know what "system files" have been 
compromised.  Then you can determine if a rootkit has been installed.  If 
you find compromised system files then you know that you must format and 
re-install with out a doubt.  At this time I would not care what other 
files have been installed.

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Security breach? Ohmster <root@dev.nul> - 2013-01-10 23:29 -0600
  Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 05:59 +0000
    Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 06:10 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:45 -0600
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:44 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:06 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:26 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:45 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:24 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 19:34 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 02:16 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 21:04 -0600
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 05:44 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:29 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 03:01 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 07:24 -0500
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-13 14:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 10:45 -0500
                Re: Security breach? Jim Beard <jdbeard@patriot.net> - 2013-01-13 12:21 -0500
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 12:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:40 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-13 16:14 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 23:51 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 09:59 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 17:39 +0000
                Re: Security breach? GangGreene <GangGreene@example.com> - 2013-01-14 16:16 -0500
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-14 21:48 +0000
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-13 20:35 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:05 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:26 +0000
      Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 03:10 -0600
        Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-11 11:31 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:53 -0600
            Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:05 +0100
              Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:14 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:47 -0600
                Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:26 +0000
                Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-12 09:23 +0000
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:31 -0600
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-12 16:36 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-13 14:45 +0100
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:39 -0600
            Re: Security breach? Bit Twister <BitTwister@mouse-potato.com> - 2013-01-12 00:08 +0000
        Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 20:50 +0000
          Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:19 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-11 22:30 +0000
              Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:49 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:36 -0600
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:52 -0600
  Re: Security breach? "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2013-01-11 03:10 -0500
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 02:39 -0600
  Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 10:53 +0000
    Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:12 -0600
      Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 22:53 +0100
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 15:57 -0600
          Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:29 +0100
            Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 16:55 -0600
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-11 23:59 +0100
                Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:07 -0600
                Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 00:24 +0100
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 17:48 -0600
                Re: Security breach? `blindshell' ...INFECTED (PORTS: 465) Ohmster <root@dev.nul> - 2013-01-11 18:07 -0600
            Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 00:16 +0000
              Re: Security breach? Aragorn <stryder@telenet.be.invalid> - 2013-01-12 12:13 +0100
                Re: Security breach? unruh <unruh@invalid.ca> - 2013-01-12 18:30 +0000
      Re: Security breach? Richard Kettlewell <rjk@greenend.org.uk> - 2013-01-11 22:07 +0000
        Re: Security breach? Ohmster <root@dev.nul> - 2013-01-11 17:22 -0600

csiph-web