[Nottingham] Has my server been intruded or am I paranoid?

Danny King dannyking at gmail.com
Sun Nov 16 18:36:43 UTC 2008


I do upgrade fairly regularly although I updates rkhunter before the scan too.

2008/11/16 Graeme Fowler <graeme at graemef.net>:
> On Sun, 2008-11-16 at 18:04 +0000, Danny King wrote:
>> Just found out that there was a power cut at the house with the server
>> so that would explain the four day logging gap (It was forgotten to
>> turn it on again). Still, should I be worried about the rkhunter
>> report?
>
> Maybe.
>
> However, did you recently apply any system updates? Those tools are
> usually part of the procps and iproute packages (on RH-derived boxes
> anyway), and since rkhunter makes a signature database when it's first
> run it could be that they've been updated and you've not re-baselined
> yet.
>
> If you were using an RPM based distro, you could do "rpm -Vf /bin/ps" to
> see if the various attributes have changed since installation. I've no
> idea how to do that using apt, though.
>
> TTFN
>
> Graeme
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk
> https://mailman.lug.org.uk/mailman/listinfo/nottingham
>



-- 
- Danny King

Are you a web standards developer that uses open source software? Say
hello, send me a mail! I'm looking for more like us.



More information about the Nottingham mailing list