ALT Linux Community general discussions
 help / color / mirror / Atom feed
* [mdk-re] Нарвался на хакинг?
@ 2001-05-09 15:17 Oleg N. Kayunov
  2001-05-09 18:56 ` Michael Bykov
  2001-05-10 13:37 ` Dmitry V. Levin
  0 siblings, 2 replies; 7+ messages in thread
From: Oleg N. Kayunov @ 2001-05-09 15:17 UTC (permalink / raw)
  To: Mandrake - M-List of ALTLinux

Ночью компьютер стоял на скачивании в dial-up
Утром прочел во внутренней почте такое сообщение:
.................................................
Security Warning: the sha1 checksum for one of your SUID files has
changed,
 maybe an intruder modified one of these suid binary in order to put in
a+backdoor...
                - Checksum changed files : /usr/sbin/usernetctl
.................................................
Сабж????
В описании к новой версии ininscripts (я ее установил) говорилось вроде
об улучшении работы с usb, причем здесь usernetctl?

Прочтя такое я вручную (не дожидаясь 4 часов ночи по cron) запустил
security.sh
и получил:
.................................................
Security Warning: Change in Suid Root files found :
                - Added suid root files : /usr/X11R6/bin/Xwrapper
                - Removed suid root files : /usr/X11R6/bin/Xwrapper
 
Security Warning: Changes in Suid Group files found :
                - Added suid group files : /usr/X11R6/bin/xhextris
                - Added suid group files : /usr/X11R6/bin/xlogical
                - Removed suid group files : /usr/X11R6/bin/xhextris
                - Removed suid group files : /usr/X11R6/bin/xlogical
 
Security Warning: Change in World Writeable Files found :
                - Added writables files : /tmp/.ICE-unix
                - Added writables files : /tmp/.X11-unix
                - Added writables files : /tmp/.X11-unix/X0
                - Removed writables files : /tmp/.ICE-unix
                - Removed writables files : /tmp/.X11-unix
                - Removed writables files : /tmp/.X11-unix/X0
 
Security Warning: the sha1 checksum for one of your SUID files has
changed,
        maybe an intruder modified one of these suid binary in order to
put in+a backdoor...
                - Checksum changed files : /usr/X11R6/bin/Xwrapper
.................................................
Совсем что-то загадочное $:-b Добавлены и убраны.....

		Таки все это - САБЖ??? Или так и надо 8-[]

			Спасибо, Олег.

ЗЫ Я тут уже пару раз и по разному (письмом и через web) подписывался на
security - рассылку и что-то ничего не вижу.
Она еще не запустилась?




^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2001-05-10 13:37 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2001-05-09 15:17 [mdk-re] Нарвался на хакинг? Oleg N. Kayunov
2001-05-09 18:56 ` Michael Bykov
2001-05-09 19:17   ` [mdk-re] ssh Michael Bykov
2001-05-09 19:22     ` Sergey Vlasov
2001-05-09 19:52       ` Michael Bykov
2001-05-09 20:48   ` [mdk-re] Re: [mdk-re] Нарвался на хакинг? Oleg N. Kayunov
2001-05-10 13:37 ` Dmitry V. Levin

ALT Linux Community general discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://lore.altlinux.org/community/0 community/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 community community/ http://lore.altlinux.org/community \
		mandrake-russian@linuxteam.iplabs.ru community@lists.altlinux.org community@lists.altlinux.ru community@lists.altlinux.com
	public-inbox-index community

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://lore.altlinux.org/org.altlinux.lists.community


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git