Bugtraq mailing list archives
Re: Strange changes - any ideas?
From: Andrew.V.Kovalev () jet msk su (Andrew V. Kovalev)
Date: Mon, 10 Jun 1996 10:33:57 +0400
Fred Cohen wrote:
We run a change-controlled environment, which means that we should be
aware of all changes. To crosscheck this, we regularly do automated
change detection. This morning, I made some minor changes to some user
areas and ran the change control checks only to find the changes listed
below. (Here are some select extracts)
*** '/bin/newgrp' has changed as follows:
The contents (md5 checksum) changed. Any change in content can trigger this.
Checking /bin
*** '/bin/newgrp' has changed as follows:
The contents (md5 checksum) changed. Any change in content can trigger this.
*** '/bin/login' has changed as follows:
Looks like /usr was remounted with nosuid option. All (and only) setuid
executables are listed.
avk
Current thread:
- brute force, (continued)
- brute force *Hobbit* (Jun 04)
- Re: brute force Christopher Klaus (Jun 04)
- Re: brute force Tom Fitzgerald (Jun 05)
- Re: brute force Alan Brown (Jun 06)
- Re: Linux rlogin hole with libc 5.x Alan Brown (Jun 06)
- Re: Linux rlogin hole with libc 5.x Pablo Idiaquez (Jun 06)
- help TaeJin Hong (Jun 07)
- HP-UX B.10.01 vulnerability Aleph One (Jun 07)
- Strange changes - any ideas? Fred Cohen (Jun 08)
- Re: Strange changes - any ideas? dsiebert () icaen uiowa edu (Jun 09)
- Re: Strange changes - any ideas? Andrew V. Kovalev (Jun 09)
- Digital Unix, daemons and the SIA authentication library. Paul C Leyland (Jun 10)
- Re: Strange changes - any ideas? Darren Reed (Jun 10)
- Vulnerability Database Christopher Klaus (Jun 10)
- Re: brute force Ze'ev Maor (Jun 04)
- Re: brute force simes () tcp co uk (Jun 04)
- Re: Not so much a bug as a warning of new brute force attack Paul D. Robertson (Jun 09)