Mailinglist Archive: opensuse-security (51 mails)

< Previous Next >
Re: [opensuse-security] System attacked, need help
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2014-09-13 20:00, Jon Cosby wrote:

The attacks seem to continue almost immediately. rkhunter gives a very
suspicious warning:

<code>
[10:19:02] /sbin/ifup [ Warning ]
[10:19:02] Warning: The command '/sbin/ifup' has been replaced by a
script: /sbin/ifup: Bourne-Again shell script, ASCII..

False positive. It *is* a script on openSUSE.

sbin> ls -l ifup
-rwxr-xr-x 1 root root 48711 Apr 10 00:46 ifup

cer@Telcontar:~> l /sbin/ifup
- -rwxr-xr-x 1 root root 48711 Apr 10 09:46 /sbin/ifup*
cer@Telcontar:~> file /sbin/ifup
/sbin/ifup: Bourne-Again shell script, ASCII text executable
cer@Telcontar:~> rpm -qf /sbin/ifup
sysconfig-network-0.81.5-30.1.x86_64
cer@Telcontar:~> rpm -V sysconfig-network
cer@Telcontar:~>

- --
Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlQUixsACgkQtTMYHG2NR9U9pACfUglKv9r1FB5z7AS29lPBdgLc
/1oAn1Uy+5vauxVqkl83cCxLgC/D963f
=VpvG
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References