[CentOS] Is there a Centos 3 around ?
m.roth at 5-cent.us
m.roth at 5-cent.us
Mon Feb 7 18:14:28 UTC 2011
Nicolas Ross wrote:
> Hi !
>
> I think one of my machine got hacked, but I can figure out from where...
>
> I found some suspicious file in /bin and /usr/bin directories that are
> owned
> by user id 122, where this machine doesn't a userid 122.
>
> So, does anyone hav a centos 3.9 install arround that can send me the info
One of our investigators has collaborators around the world, on old
machines, so we have this:
2.4.21-63.ELsmp #1 SMP Tue Nov 3 18:48:49 EST 2009 i686 athlon i386 GNU/Linux
Note they may be different on your machine.
> about (filesize, md5, modification date) these file :
>
> /bin :
> ls
> netstat
> ps
-rwxr-xr-x 1 root root 67700 Jun 12 2007 /bin/ls
-rwxr-xr-x 1 root root 83800 May 22 2007 /bin/netstat
-r-xr-xr-x 1 root root 64076 Apr 19 2006 /bin/ps
e102f6c3dde4043908ed001e1587b1d2 /bin/ls
bdfc76a24f59cc6cd8a70f771cc5cda4 /bin/netstat
fc3369b3564e00f877387a13bf3f467a /bin/ps
>
> /usr/bin/
> dir
> find
> md5sum
> pstree
> slocate
> tee
> top
-rwxr-xr-x 1 root root 67700 Jun 12 2007 /usr/bin/dir
-rwxr-xr-x 1 root root 51028 Jan 11 2006 /usr/bin/find
-rwxr-xr-x 1 root root 29184 Jun 12 2007 /usr/bin/md5sum
-rwxr-xr-x 1 root root 14048 Apr 28 2006 /usr/bin/pstree
0df0aafb355df40b1137355dd354f172 /usr/bin/dir
2c5f4e789da1ad8d19ce5c68ecf8261d /usr/bin/find
03174f884e7fc5fbc215780819679f6e /usr/bin/md5sum
224f527255b2c8deb44f692eaadc873d /usr/bin/pstree
0cee754c3981ba5f527bedc9a8cbea2a /usr/bin/slocate
4ed536310a845f274f6a1611773789d8 /usr/bin/tee
6b42bf37296861c657fcf6b8dba8f675 /usr/bin/top
<snip>
Hope this helps.
mark
More information about the CentOS
mailing list