-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-09-13 20:00, Jon Cosby wrote:
The attacks seem to continue almost immediately. rkhunter gives a very suspicious warning:
<code> [10:19:02] /sbin/ifup [ Warning ] [10:19:02] Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script, ASCII..
False positive. It *is* a script on openSUSE.
sbin> ls -l ifup -rwxr-xr-x 1 root root 48711 Apr 10 00:46 ifup
cer@Telcontar:~> l /sbin/ifup - -rwxr-xr-x 1 root root 48711 Apr 10 09:46 /sbin/ifup* cer@Telcontar:~> file /sbin/ifup /sbin/ifup: Bourne-Again shell script, ASCII text executable cer@Telcontar:~> rpm -qf /sbin/ifup sysconfig-network-0.81.5-30.1.x86_64 cer@Telcontar:~> rpm -V sysconfig-network cer@Telcontar:~> - -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlQUixsACgkQtTMYHG2NR9U9pACfUglKv9r1FB5z7AS29lPBdgLc /1oAn1Uy+5vauxVqkl83cCxLgC/D963f =VpvG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org