Sorry I am new to this and have been trying to read deep into this post to figure things out... If I run the rpm -Va on my machine to see if any of these files have been changed just for learning purposes... What exactly am I looking for? And what should be causes for concern?
If one does find a file that's been altered by a rootkit or whatnot, what is the next step from there? Remove and Reinstall or is there a simple fix?
Are there any good apps out there to guard against rootkits or this problem?
Forgive me for the n00bness if I am completely off track as I am trying to learn new stuff everyday as well as keep up with security as this sounds like a pretty severe security issue...
From an overall security point of view, does anyone know any good links or direct me to some good information for securing Linux server systems if it's not behind a hardware firewall? I read all the security updates for specific daemons such as httpd, bind, etc. and ensure those measures are in place and/or patched. However, when it comes to the actual OS itself I just want to make sure all security measures are in place for it as well. Yum update does run on a nightly basis, but not sure if there is more to it than that.
Thanks! James
-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Scot L. Harris
Sent: February 6, 2006 3:58 PM
To: CentOS mailing list
Subject: Re: [CentOS] I appear to be attacking others
On Mon, 2006-02-06 at 17:50, Troy Engel wrote:
> Steve Bergman wrote:
>> from a few trusted machines, I get the output below from 'rpm -Va | grep -e libexec -e '/bin/'.
>> Also, how do rpm -V and prelink interact? Are the binaries in an rpm already prelinked?
>
> I don't believe so, but I've never researched what they do upstream. It seems logistically difficult to build and prelink a binary while making a RPM from a gut instinct point of view.
> I think your list is, as you guess, a set of victims that don't fit due to a prelink. I usually only use that command on server systems and don't see a lot of those entries.
> -te

It was my understanding that rpm was prelink aware. I know things like tripwire are not prelink aware and will report changes if you initialize its database prior to prelink running.
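A triage filter for the `rpm -Va | grep` check discussed in this thread, added here as an example and not part of the original messages. The function names, labels and sample lines are constructed; the flag letters follow rpm's verify output format, and the directory list goes slightly beyond the thread's grep by also covering sbin and lib.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output (read on stdin) for changed executables.
# Verify line format: <flags> [attr] <path>
#   e.g. "S.5....T  c /etc/foo.conf"  or  "missing     /bin/x"
# Flag letters: S size, M mode, 5 digest, D device, L symlink,
#               U user, G group, T mtime, P capabilities.
triage_rpm_verify() {
    awk '
    {
        flags = $1
        # Skip anything that is not a verify line (e.g. a "prelink:" message).
        if (flags != "missing" && flags !~ /^[.?SM5DLUGTP]+$/) next
        p = index($0, " /")              # the path starts at the first " /"
        if (p == 0) next
        path = substr($0, p + 1)
        attr = (length($2) == 1 && $2 != "/") ? $2 : ""
        # Config, doc and ghost files are expected to change after install.
        if (attr == "c" || attr == "d" || attr == "g") next
        # Directories the thread greps for, plus sbin and lib (assumption).
        if (path !~ /\/(bin|sbin|libexec|lib|lib64)\//) next
        if (flags == "missing")   print "MISSING " path
        else if (flags ~ /5/)     print "CONTENT " path   # file digest differs
        else if (flags ~ /[MUG]/) print "PERMS " path     # mode/owner/group differs
        # size- or mtime-only differences are not reported
    }'
}

# Constructed sample input, not taken from a real host.
sample_output() {
cat <<'EOF'
S.5....T  c /etc/ssh/sshd_config
..5....T    /bin/ls
.......T    /usr/bin/less
.M......    /usr/sbin/sendmail
missing     /usr/libexec/openssh/sftp-server
S.5....T    /usr/share/doc/foo/README
EOF
}

sample_output | triage_rpm_verify
```

On a real host the call is `rpm -Va | triage_rpm_verify`. The thread raises prelink as one possible benign cause of such entries, so a flagged file is a starting point for comparison against a known-good copy of its package, not a verdict.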