[hackcheck] net-tools failed checksum test

N

ncconquer

Well-Known Member
Jun 20, 2004
80
0
156
this text from my email:
---
IMPORTANT: Do not ignore this email.
This message is to inform you that the rpm
package net-tools did not match the expected checksum. This could mean
that
your system was compromised (OwN3D). The offending files have been
removed
and replaced with the OS default. To be safe you should verify that
your
system has not be compromised.

Modified Files:
S.?..... /bin/hostname
S.?..... /bin/netstat
S.?..... /sbin/arp
S.?..... /sbin/ether-wake
S.?..... /sbin/ifconfig
S.?..... /sbin/ipmaddr
S.?..... /sbin/iptunnel
S.?..... /sbin/mii-tool
S.?..... /sbin/nameif
S.?..... /sbin/plipconfig
S.?..... /sbin/route
S.?..... /sbin/slattach
---
What's that? Please tech me.
 
chirpy

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
33
473
Go on, have a guess
You should install tools such as rkhunter and chkrootkit to see if you have a standard rootkit installed on your server - which would strongly suggest a successful root compromise. If they're OK, and the problem as not been caused by you running chmod somewhere you shouldn't, then you need to establish how the files from those RPMs were changed.

If you don't know how to do these things, then you really should look for a someone who specialiases in Linux security to check your server for you.
 
You must log in or register to reply here.
Thread starter Similar threads Forum Replies Date
B [cPanel hackcheck] has a uid 0 account Security 12
R Two hackcheck notice email Security 14
N [hackcheck] net-tools failed checksum test Security 0
V [hackcheck] net-tools failed checksum test Security 0
S Important - Hackcheck problems - GLIB and FINDUTILS and NET-TOOLS Security 5
Similar threads
[cPanel hackcheck] has a uid 0 account
Two hackcheck notice email
[hackcheck] net-tools failed checksum test
[hackcheck] net-tools failed checksum test
Important - Hackcheck problems - GLIB and FINDUTILS and NET-TOOLS
Top Bottom