Mailinglist Archive: opensuse (3637 mails)

< Previous Next >
Re: [SLE] hacked?
  • From: "Claudio E. Elicker" <elicker@xxxxxxxxx>
  • Date: Wed, 02 May 2001 21:03:24 -0300
  • Message-id: <3AF0A04C.668F31F6@xxxxxxxxx>

James Oakley wrote:
>
> - - - type 'rpm -V psutils' and pray that it outputs nothing. If it spits
> filenames at you, the box probably has a rootkit installed and you should
> immediately back up your data and reinstall
>
> - - - Verify some other packages the same way as above: bash and nkitb,
> especially
>

elicker@yeh1:~ > rpm -V psutils
package psutils is not installed
OK, psutils is not installed yet.


elicker@yeh1:~ > rpm -V bash
OK.


elicker@yeh1:~ > rpm -V nkitb
..?..... /bin/ping6
..?..... /usr/sbin/rpc.rstatd
..?..... /usr/sbin/timedc
Ouch!!! Is this right?


I manually extracted these files from SuSE CD to a test directory and
run a diff against the installed ones.

root@yeh1:/home/elicker > diff /bin/ping6 ./Testes/ping6
root@yeh1:/home/elicker > diff /usr/sbin/rpc.rstatd ./Testes/rpc.rstatd
root@yeh1:/home/elicker > diff /usr/sbin/timedc ./Testes/timedc

No differences was found. Why is "rpm -V" complaining?

Thanks.

Claudio


< Previous Next >
Follow Ups
References