Mailinglist Archive: opensuse-security (685 mails)

Re: [suse-security] suspicious files
  • From: Bob Vickers <bobv@xxxxxxxxxxxxx>
  • Date: Tue, 26 Feb 2002 09:57:32 +0000 (GMT)
  • Message-id: <Pine.OSF.4.44.0202260952250.32175-100000@xxxxxxxxxxxxxxxxxxxxx>
Ian,

Have you done any checking with rpm? It has good options for verifying
where files came from, e.g.

rpm -qf filename
rpm --verify packagename
rpm -ql packagename

I suppose if you are really paranoid you might distrust the information if
you think you have been cracked, but at least it gives you a starting
point for further investigation.

Bob

On Tue, 26 Feb 2002, Ian Laws wrote:

> Hi Everyone.
>
> I have just started using chkrootkit, and as I do not really know what files are installed,
> I was wondering if these files are really suspicious and if I should delete them.
> Please note: I have installed the Apache webserver with Perl for the intranet.
>
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.6.0/i586-linux/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Alien/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Storable/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Tk/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Locale/gettext/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Tie/IxHash/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Digest/MD5/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/HTML/Parser/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/MIME/Base64/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/URI/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/Net/.packlist
> /usr/lib/perl5/site_perl/5.6.0/i586-linux/auto/libwww-perl/.packlist
> /usr/lib/jdk1.1.8/bin/.java_wrapper /usr/lib/jdk1.1.8/bin/i686/green_threads/.extract_args
> /usr/lib/jdk1.1.8/bin/i686/native_threads/.extract_args
>
> Ian Laws

==============================================================
Bob Vickers R.Vickers@xxxxxxxxxxxxx
Dept of Computer Science, Royal Holloway, University of London
WWW: http://www.cs.rhul.ac.uk/home/bobv
Phone: +44 1784 443691
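
The rpm checks suggested in the message above, applied to a list of flagged paths. This is an added example, not part of the original message; `classify_path` and `triage_paths` are hypothetical helper names, and an RPM-based host is assumed.

```shell
#!/bin/sh
# Added example: triage paths flagged by a rootkit scanner using the RPM database.
# Caveat from the message above: on a host that may already be compromised, the
# rpm binary and its database may not be trustworthy either.

# classify_path PATH -> prints one line: "<STATUS> <path> [package] [verify-flags]"
#   UNOWNED  no package claims the file (rpm -qf fails)
#   OK       owned, and rpm --verify reports no difference for this file
#   CHANGED  owned, but rpm --verify lists the file; the flags show what differs
classify_path() {
    f=$1
    if pkg=$(rpm -qf --queryformat '%{NAME}\n' "$f" 2>/dev/null); then
        # A file can be owned by more than one package; use the first.
        pkg=$(printf '%s\n' "$pkg" | head -n 1)
        # rpm --verify exits non-zero when anything in the package differs,
        # so ignore the status and look for this file's line in the output.
        flags=$(rpm --verify "$pkg" 2>/dev/null |
                awk -v f="$f" '$NF == f { print $1; exit }') || true
        if [ -n "$flags" ]; then
            printf 'CHANGED %s %s %s\n' "$f" "$pkg" "$flags"
        else
            printf 'OK %s %s\n' "$f" "$pkg"
        fi
    else
        printf 'UNOWNED %s\n' "$f"
    fi
}

# triage_paths PATH... : classify every path given as an argument.
triage_paths() {
    for p in "$@"; do
        classify_path "$p"
    done
}

# When run as a script with arguments, classify them.
if [ "$#" -gt 0 ]; then
    triage_paths "$@"
fi
```

In the flags column a `5` means the file's digest differs from the packaged one, while a lone `T` is only a changed modification time.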

