The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[hackcheck] net-tools failed checksum test

Discussion in 'General Discussion' started by ncconquer, May 3, 2005.

  1. ncconquer

    ncconquer Well-Known Member

    Joined:
    Jun 20, 2004
    Messages:
    80
    Likes Received:
    0
    Trophy Points:
    6
    this text from my email:
    ---
    IMPORTANT: Do not ignore this email.
    This message is to inform you that the rpm
    package net-tools did not match the expected checksum. This could mean
    that
    your system was compromised (OwN3D). The offending files have been
    removed
    and replaced with the OS default. To be safe you should verify that
    your
    system has not be compromised.

    Modified Files:
    S.?..... /bin/hostname
    S.?..... /bin/netstat
    S.?..... /sbin/arp
    S.?..... /sbin/ether-wake
    S.?..... /sbin/ifconfig
    S.?..... /sbin/ipmaddr
    S.?..... /sbin/iptunnel
    S.?..... /sbin/mii-tool
    S.?..... /sbin/nameif
    S.?..... /sbin/plipconfig
    S.?..... /sbin/route
    S.?..... /sbin/slattach
    ---
    What's that? Please tech me.
     
  2. chirpy

    chirpy Well-Known Member

    Joined:
    Jun 15, 2002
    Messages:
    13,475
    Likes Received:
    20
    Trophy Points:
    38
    Location:
    Go on, have a guess
    You should install tools such as rkhunter and chkrootkit to see if you have a standard rootkit installed on your server - which would strongly suggest a successful root compromise. If they're OK, and the problem as not been caused by you running chmod somewhere you shouldn't, then you need to establish how the files from those RPMs were changed.

    If you don't know how to do these things, then you really should look for a someone who specialiases in Linux security to check your server for you.
     
Loading...

Share This Page