[lug] Possible compromise?
nagler at bivio.biz
Sat Jan 18 20:48:02 MST 2003
Sean Reifschneider writes:
> You couldn't find any accounts of people having modified SSHs installed?
> You must not have looked very hard. ;-)
No. I ran 'find / -m +4000 -ls' and it didn't come up with anything
> If you installed SSH via an RPM, you should check "rpm -V ssh-server"
I did 'rpm -V -a', and it didn't come up with anything unusual.
Config files changed, but no binaries or scripts.
It wasn't just ssh. It was any login, su, etc. Anything using PAM.
The machine is off right now. I built its replacement today, enough
work for this weekend... :-(
More information about the LUG