On Mon, Feb 07, 2011 at 01:06:56PM -0500, Nicolas Ross wrote: > Hi ! > > I think one of my machine got hacked, but I can figure out from where... > > I found some suspicious file in /bin and /usr/bin directories that are owned > by user id 122, where this machine doesn't a userid 122. > > So, does anyone hav a centos 3.9 install arround that can send me the info > about (filesize, md5, modification date) these file : 3.9 is still available on all the mirrors, you can rpm2cpio and compare (watch out for prelinked files) or try the rpm --verify flag (if the rpm database is not modified). Tru -- Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance) http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available URL: <http://lists.centos.org/pipermail/centos/attachments/20110207/45e94860/attachment-0005.sig>