Security Incidents mailing list archives

Re: Possible tripwire false alarm?


From: Sebastian Ip <9scki () qlink queensu ca>
Date: Mon, 15 Oct 2001 17:48:16 -0400

I went and acquired a copy of Tom's rescue floppy and ran checks after booting 
off it. Appears that everything is just fine. On reboot, however, my hard disk 
made some "dying" noise... that's bad.

I am hoping this is a false alarm caused by something. I'll monitor more 
closely what happens in the next few weeks, and when the next Red Hat comes out 
I'll see about at least a clean reinstall and perhaps acquire a new hard disk 
as well.

Thanks for all the help, guys. If anyone else has more ideas for checking why 
tripwire does say there were changes, please email me; it's still not a totally 
"cleared" case in my mind. I have the nagging feeling I might be wrong about 
the system being clean.

Cheers

Sebastian Ip

If I would do this: mount your redhat cd, mount the stage2.img file in
/mnt/cdrom/RedHat/base/stage2.img using the command:

    mount -o loop -t ext2 /mnt/cdrom/RedHat/base/stage2.img /mnt/floppy

then use the statically compiled rpm in the usr/bin directory there to
verify the packages on the cd, like this:

    /mnt/floppy/usr/bin/rpm -Vp /mnt/cdrom/RedHat/RPMS/gzip-*.rpm

If you get just changed md5sums (signified by a 5) then your files are just
corrupt, and not trojaned. This approach won't be immune to a malicious kernel
module, so you might wanna boot into rescue mode on the cd and try it if
the machine can be shut down.
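As an added illustration (not part of the thread, and not the poster's own script), here is a POSIX shell snippet that reads the output of `rpm -V` / `rpm -Vp` and sorts each reported file by its flag string, so the "only the md5sum changed" case the reply refers to can be told apart from files whose size, mode or ownership also differ. The flag letters (S size, M mode, 5 digest, D device, L link, U user, G group, T mtime) are rpm's documented ones; the sample output lines are constructed, and the `classify_flags` / `classify_output` / `count_suspicious` names are my own. The verification itself still only means as much as the rpm binary doing it, which is why the reply suggests the statically linked copy from the read-only CD image rather than the one on the suspect host.

```shell
#!/bin/sh
# Added example: classify "rpm -V" output lines by their flag string.
# rpm -V prints, for every file that differs from the package, a flag string
# followed by the path (sometimes with a type letter such as "c" in between).
# Flag positions: S size, M mode, 5 MD5 digest, D device, L readlink,
# U user, G group, T mtime. "." means the attribute matched, "?" untested.

# Constructed sample output, in the shape rpm -Vp prints (not real results).
SAMPLE='S.5....T   /bin/gzip
..5....T c /etc/profile
S.5..UG.   /usr/bin/gunzip
.......T   /usr/share/man/man1/gzip.1.gz
.M......   /usr/bin/zcat'

# classify_flags FLAGS
# Prints one of: clean, digest-only, mtime-only, metadata-only,
# content-and-metadata.
classify_flags() {
    flags=$1
    # Drop the "unchanged" and "untested" markers; whatever is left is what
    # actually differs from the package.
    rest=$(printf '%s' "$flags" | tr -d '.?')
    case "$rest" in
        '')        echo clean ;;
        5|5T|T5)   echo digest-only ;;            # the "just a 5" case
        *5*)       echo content-and-metadata ;;   # digest plus size/mode/owner/...
        T)         echo mtime-only ;;
        *)         echo metadata-only ;;          # mode/owner/group/link changed
    esac
}

# classify_output
# Reads rpm -V lines on stdin and prints "<class> <path>" for each.
classify_output() {
    while read -r flags rest; do
        [ -z "$flags" ] && continue
        # The path is the last whitespace-separated field; a type letter
        # ("c" for config files) may sit between the flags and the path.
        path=${rest##* }
        echo "$(classify_flags "$flags") $path"
    done
}

# count_suspicious
# Number of sample lines where more than the digest (or mtime) changed;
# those are the ones that deserve a closer look than "file corruption".
count_suspicious() {
    printf '%s\n' "$SAMPLE" | classify_output \
        | grep -cE 'content-and-metadata|metadata-only'
}

# Stand-alone run: show the classification of the constructed sample.
printf '%s\n' "$SAMPLE" | classify_output
```

To use it on a real run, replace the constructed `SAMPLE` with the output of the `rpm -Vp` command from the reply (for example, `/mnt/floppy/usr/bin/rpm -Vp /mnt/cdrom/RedHat/RPMS/*.rpm | classify_output`). The classes are only a triage aid: a digest-only change on a binary is still worth comparing against the package contents before it is written off as corruption.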

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
