Re: [suse-security] strange seccheck output - cracked?
-----Ursprüngliche Nachricht----- Von: Maik Holtkamp [mailto:holtkamp@medical-city.de] Gesendet: Montag, 7. Oktober 2002 11:10 An: 'suse-security@suse.com' Betreff: [suse-security] strange seccheck output - cracked?
Hi,
after a long weekend I found this seccheck output in my inbox:
---cut--- The following programs have got a different md5 checksum since last week: + ++ /var/lib/secchk/data/rpm-md5.new Sun Oct 6 23:13:52 2002 + SM5....T /usr/share/groff + S.5....T /usr/share/info/gzip.info.gz + SM5....T /usr/lib/kbd + SM5....T /sbin/conf.d/SuSEconfig.pam + S.5....T /usr/share/doc/packages/pam/modules/README.pam_unix [....] + SM5....T /usr/share/zoneinfo
The following devices were added: + ++ /var/lib/secchk/data/devices.new Sun Oct 6 23:15:02 2002 + brw-rw---- root disk 49, 79 /usr/lib/locale/es_DO/LC_MESSAGES + brw-rw---- root disk 49, 77 /usr/lib/locale/mr_IN.utf8/LC_CTYPE/LC_TELEPHONE + brw-rw---- root disk 49, 78 /usr/lib/locale/mr_IN.utf8/LC_CTYPE/LC_TIME ---schnapp---
The box is running SuSE 7.1 and masquerading our small LAN on an isdn multilink (ibod) DOD dial-up.
---schnapp---
[....]
I checked the logs, but did not found anything suspicious. The files mentioned above are corrupted. Files in /etc/init.d/gpm or idedma, however, they are no longer executable. Even more strange /usr/src/linux-2.2.19.SuSE is a binary,too, and in this case it is world executable.
-- Maik
Hi, I'm pretty sure you were not hacked, but there's either a direct problem with your disk (flopped bits), an indirect disk problem (faulty cables), or some other problem that caused data corruption on your disk. Had this problem some time ago (from time to time) with SuSE 7.0 on a Compaq Deskpro w/ 10 Gig Maxtor HD. Went away when I upgraded to 7.3 with a 2.4 kernel, so it were maybe driver issues or timing problems. Thomas
participants (1)
-
Thomas Lamy