The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

System Integrity checking - modified files !

Discussion in 'Security' started by bigste, Oct 15, 2010.

  1. bigste

    bigste Member

    Joined:
    Jan 6, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cheshire, UK
    This morning I got an email from my server telling me about this list of files that have failed their MD5 check.
    I haven't seen any OS updates or anything. Are these the files that maybe targetted by a virus or hacker etc... I wouldn't really know. If they were in C:\Windows\System32 I'd be a bit worried about it but on this CentOS system I'm a bit out of my depth.


    /usr/bin/gencat: FAILED
    /usr/bin/getconf: FAILED
    /usr/bin/getent: FAILED
    /usr/bin/iconv: FAILED
    /usr/bin/java: FAILED
    /usr/bin/keytool: FAILED
    /usr/bin/lddlibc4: FAILED
    /usr/bin/locale: FAILED
    /usr/bin/localedef: FAILED
    /usr/bin/orbd: FAILED
    /usr/bin/pack200: FAILED
    /usr/bin/rmid: FAILED
    /usr/bin/rmiregistry: FAILED
    /usr/bin/rpcgen: FAILED
    /usr/bin/servertool: FAILED
    /usr/bin/sprof: FAILED
    /usr/bin/tnameserv: FAILED
    /usr/bin/unpack200: FAILED
    /usr/sbin/build-locale-archive: FAILED
    /usr/sbin/glibc_post_upgrade.i686: FAILED
    /usr/sbin/iconvconfig: FAILED
    /usr/sbin/iconvconfig.i686: FAILED
    /usr/sbin/logrotate: FAILED
    /usr/sbin/nscd: FAILED
    /usr/sbin/rpcinfo: FAILED
    /usr/sbin/zdump: FAILED
    /usr/sbin/zic: FAILED
    /sbin/ldconfig: FAILED
    /sbin/sln: FAILED

    suddenly I've got a lot of these messages:

    Suspicious process running under user haldaemon:
    /usr/libexec/hald-addon-keyboard.#prelink#.cMTWEy (deleted)

    /usr/libexec/hald-addon-acpi\00\00\00\00\00\88\b9\8f\f6\88\b9\8f\f6\00\00\00\00
    (deleted)

    /usr/sbin/hald\00]\00\08`r\9c\08\00\00\00\00\8aY\f7\b7A (deleted)

    I'm a bit worried...
     
    #1 bigste, Oct 15, 2010
    Last edited: Oct 15, 2010
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. bigste

    bigste Member

    Joined:
    Jan 6, 2009
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Cheshire, UK
    Phew.....

    The heat is off....

    I found an email in my Junk Items pertaining to an overnight OS update.

    I'm happy with that.



    CASE CLOSED :)
     
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,474
    Likes Received:
    202
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Be sure to restart your firewall. ;)
     
Loading...

Share This Page