[CentOS] Is there a Centos 3 around ?

Nicolas Ross rossnick-lists at cybercat.ca
Mon Feb 7 18:21:18 UTC 2011


>> I think one of my machine got hacked, but I can figure out from where...
>>
>> I found some suspicious file in /bin and /usr/bin directories that are
>> owned
>> by user id 122, where this machine doesn't a userid 122.
>>
>> So, does anyone hav a centos 3.9 install arround that can send me the 
>> info
>
> One of our investigators has collaborators around the world, on old
> machines, so we have this:
> 2.4.21-63.ELsmp #1 SMP Tue Nov 3 18:48:49 EST 2009 i686 athlon i386 
> GNU/Linux
> Note they may be different on your machine.
>> about (filesize, md5, modification date) these file :
>>
>> /bin :
>> ls
>> netstat
>> ps
>
> -rwxr-xr-x    1 root     root        67700 Jun 12  2007 /bin/ls
> -rwxr-xr-x    1 root     root        83800 May 22  2007 /bin/netstat
> -r-xr-xr-x    1 root     root        64076 Apr 19  2006 /bin/ps
>
> e102f6c3dde4043908ed001e1587b1d2  /bin/ls
> bdfc76a24f59cc6cd8a70f771cc5cda4  /bin/netstat
> fc3369b3564e00f877387a13bf3f467a  /bin/ps

Dammm...

mds5um has been tempered with also... It return those expected values, but a 
md5sum programm I took elsewhere was returning another value...

Dammm... 




More information about the CentOS mailing list