am I hacked?

G.Wolfe Woodbury ggw at wolves.durham.nc.us
Sat Apr 21 21:12:26 UTC 2007


On Sat, Apr 21, 2007 at 10:04:20PM +0300, peter kostov wrote:
> On the other machine in my local network there is one 'bad' binary 
> reported by rkhunter - wget. This second computer accesses the Internet 
> through the one we are discussing.
> It is also running FC5 with yum, although the installation isn't exactly 
> the same.
> 
> Peter

rkhunter is slightly dumb when it comes to the system binaries.
They have been modified by the "prelink" process in Fedora, and thus
don't match the distributed MD5sums.

The fact that you don't have any other indications of an infection is
good.

I prefer chkrootkit to rkhunter, because it doesn't depend on the binaries
prelinking messes up.

Wolfe
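
[Added example, not part of the original message and not rkhunter's or chkrootkit's own code: a check of whether a hash mismatch on a packaged binary is explained by prelink, by comparing the package database digest with the file's digest before and after undoing prelink. The function names are hypothetical, and it assumes rpm, prelink and md5sum are on the PATH and that the RPM database records MD5 digests, as in the MD5sums mentioned above.]

```shell
#!/bin/sh
# Added example: is a hash mismatch on a packaged binary caused by prelink?
# Assumption: the RPM database stores MD5 file digests.

# classify RECORDED ONDISK UNPRELINKED -> prints one verdict word.
classify() {
    recorded=$1 ondisk=$2 unprelinked=$3
    if [ -z "$recorded" ]; then
        echo unpackaged      # no package owns the file: nothing to compare
    elif [ "$ondisk" = "$recorded" ]; then
        echo match           # byte-identical to the packaged file
    elif [ -n "$unprelinked" ] && [ "$unprelinked" = "$recorded" ]; then
        echo prelink-only    # differs only by what prelink changed
    else
        echo modified        # differs even with prelink undone, or prelink
    fi                       # could not verify the file: investigate further
}

# recorded_md5 FILE: digest the owning package recorded for FILE.
# `rpm -qf --dump` prints: path size mtime digest mode owner group ...
recorded_md5() {
    rpm -qf --dump "$1" 2>/dev/null | awk -v p="$1" '$1 == p { print $4; exit }'
}

# unprelinked_md5 FILE: digest of FILE with prelinking undone.
# Prints nothing if prelink is missing or refuses to verify the file.
unprelinked_md5() {
    prelink --verify --md5 "$1" 2>/dev/null | awk '{ print $1; exit }'
}

# check_binary FILE: gather the three digests and print "FILE: verdict".
check_binary() {
    f=$1
    ondisk=$(md5sum "$f" | awk '{ print $1 }')
    printf '%s: %s\n' "$f" \
        "$(classify "$(recorded_md5 "$f")" "$ondisk" "$(unprelinked_md5 "$f")")"
}

# Usage: sh check_prelink.sh /usr/bin/wget /bin/ls ...
for f in "$@"; do check_binary "$f"; done
```

A verdict of prelink-only corresponds to the false positive described above; modified means the mismatch is not explained by prelink and the file should be compared against a known-good copy of the package.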