System Integrity checking - modified files !

[bigste]

This morning I got an email from my server telling me about this list of files that have failed their MD5 check.
I haven't seen any OS updates or anything. Are these the files that maybe targetted by a virus or hacker etc... I wouldn't really know. If they were in C:\Windows\System32 I'd be a bit worried about it but on this CentOS system I'm a bit out of my depth.


/usr/bin/gencat: FAILED
/usr/bin/getconf: FAILED
/usr/bin/getent: FAILED
/usr/bin/iconv: FAILED
/usr/bin/java: FAILED
/usr/bin/keytool: FAILED
/usr/bin/lddlibc4: FAILED
/usr/bin/locale: FAILED
/usr/bin/localedef: FAILED
/usr/bin/orbd: FAILED
/usr/bin/pack200: FAILED
/usr/bin/rmid: FAILED
/usr/bin/rmiregistry: FAILED
/usr/bin/rpcgen: FAILED
/usr/bin/servertool: FAILED
/usr/bin/sprof: FAILED
/usr/bin/tnameserv: FAILED
/usr/bin/unpack200: FAILED
/usr/sbin/build-locale-archive: FAILED
/usr/sbin/glibc_post_upgrade.i686: FAILED
/usr/sbin/iconvconfig: FAILED
/usr/sbin/iconvconfig.i686: FAILED
/usr/sbin/logrotate: FAILED
/usr/sbin/nscd: FAILED
/usr/sbin/rpcinfo: FAILED
/usr/sbin/zdump: FAILED
/usr/sbin/zic: FAILED
/sbin/ldconfig: FAILED
/sbin/sln: FAILED

suddenly I've got a lot of these messages:

Suspicious process running under user haldaemon:
/usr/libexec/hald-addon-keyboard.#prelink#.cMTWEy (deleted)

/usr/libexec/hald-addon-acpi\00\00\00\00\00\88\b9\8f\f6\88\b9\8f\f6\00\00\00\00
(deleted)

/usr/sbin/hald\00]\00\08`r\9c\08\00\00\00\00\8aY\f7\b7A (deleted)

I'm a bit worried...

[Infopro]

You've installed a firewall called CSF. Those emails are from CSF and you can find out all about on the site you downloaded it from.
ConfigServer Scripts Forum - Index page


HTH!

[bigste]

The heat is off....

I found an email in my Junk Items pertaining to an overnight OS update.

I'm happy with that.



CASE CLOSED

[Infopro]

Be sure to restart your firewall.