[Nottingham] Has my server been intruded or am I paranoid?

Graeme Fowler graeme at graemef.net
Sun Nov 16 18:25:09 UTC 2008


On Sun, 2008-11-16 at 18:04 +0000, Danny King wrote:
> Just found out that there was a power cut at the house with the server
> so that would explain the four day logging gap (It was forgotten to
> turn it on again). Still, should I be worried about the rkhunter
> report?

Maybe.

However, did you recently apply any system updates? Those tools are
usually part of the procps and iproute packages (on RH-derived boxes
anyway), and since rkhunter makes a signature database when it's first
run it could be that they've been updated and you've not re-baselined
yet.

If you were using an RPM-based distro, you could do "rpm -Vf /bin/ps" to
see if the various attributes have changed since installation. I've no
idea how to do that using apt, though.

TTFN

Graeme
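
Added example, not part of Graeme's message: a small shell helper that triages the output of the "rpm -Vf /bin/ps" check suggested above, separating changed file contents from changed permissions or timestamps. The function names are hypothetical and the sample lines are constructed; the flag letters follow rpm's documented verify output.

```shell
#!/bin/sh
# Added example (not from the original post): triage `rpm -V` / `rpm -Vf` output.
# Line format: <flags> [marker] <path>, marker being c (config), d (doc),
# g (ghost), l (license) or r (readme).
# Flags: S size, M mode, 5 digest, D device, L symlink, U user, G group,
# T mtime, P capabilities; "." = check passed, "?" = check could not be run.

# Reads verify output on stdin, prints "<VERDICT><TAB><path>" per line and
# returns 1 if any non-config file is missing or has a changed digest.
triage_rpm_verify() {
    trv_bad=0
    while read -r trv_flags trv_rest; do
        [ -n "$trv_flags" ] || continue
        trv_marker=""
        trv_path=$trv_rest
        case "$trv_rest" in
            [cdglr]\ /*) trv_marker=${trv_rest%% *}; trv_path=${trv_rest#??} ;;
        esac
        if [ "$trv_marker" = c ]; then
            trv_verdict=CONFIG            # locally edited config files are expected
        else
            case "$trv_flags" in
                missing) trv_verdict=MISSING; trv_bad=1 ;;
                *5*)     trv_verdict=CONTENT; trv_bad=1 ;;  # file contents differ
                *[MUG]*) trv_verdict=PERMS ;;               # mode or ownership differ
                *)       trv_verdict=METADATA ;;            # e.g. only mtime differs
            esac
        fi
        printf '%s\t%s\n' "$trv_verdict" "$trv_path"
    done
    return "$trv_bad"
}

# Constructed sample output, for illustration only.
sample_rpm_verify() {
    cat <<'EOF'
S.5....T.    /bin/ps
.M.......    /usr/bin/top
.......T.    /sbin/ip
S.5....T.  c /etc/sysctl.conf
missing      /usr/bin/w
EOF
}

sample_rpm_verify | triage_rpm_verify || echo "review CONTENT and MISSING entries"
```

On a live system, pipe `rpm -Vf /bin/ps` or `rpm -Va` into `triage_rpm_verify` instead of the sample. The RPM database lives on the same host as the binaries it describes, so a clean result on a suspect machine is weaker evidence than the same check run from trusted media.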



