[SOLVED] Changes to dmesg, sudo, whereis, and others - am I hacked?

This topic is closed.
    [SOLVED] Changes to dmesg, sudo, whereis, and others - am I hacked?

    Today rkhunter reported changes to a number of the system binaries, including sudo, dmesg, and whereis. I didn't notice any updates that should have done this. Have there been any such security updates recently? If you run rkhunter, have you had the same?

    Sorry can't give detailed output as naturally I'm posting from a different machine.
    I am running Ubuntu 8.10 (yes Gnome) with upgrades applied daily about 0900 UK time. Hardware is Dell Precision 420, 2x 800 MHz PIII, 512 MB RDRAM, nVidia GeForce 6800 128 MB AGP graphics, 18GB SCSI and 500GB IDE HDDs, DVD burner, Hauppauge TV card.

    #2
    Re: Changes to dmesg, sudo, whereis, and others - am I hacked?

    i'm on a 32bit intel.
    here's the checksums of the files in question on my kubuntu 8.04.
    that's with all the latest updates applied.
    Code:
    root@crisps:~# sum -r /usr/bin/sudo /bin/dmesg /usr/bin/whereis
    23985  106 /usr/bin/sudo
    28441   5 /bin/dmesg
    51266   8 /usr/bin/whereis

    boot off a live cd.
    mount your root filesystem under /mnt (or something).
    run the above command by prefixing all the paths with /mnt (or something).

    see what you get.

    this is all i can do.

    hth.
    gnu/linux is not windoze
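
The live-CD comparison described in post #2, as an added example that is not part of the original posts: it checks files under a mounted root against a manifest in the same `sum -r` layout shown above. The function names `verify_root` and `demo`, the manifest file and the sample files are assumptions made for illustration; `sum -r` is a 16-bit checksum, so a match is only meaningful against a known-good copy of the same package version.

```shell
#!/bin/sh
# verify_root ROOT MANIFEST  (hypothetical helper, not from the thread)
# MANIFEST lines use the `sum -r` layout from the post: <checksum> <blocks> <path>
# ROOT is where the suspect root filesystem is mounted, e.g. /mnt.
# Returns the number of files that are missing or differ from the manifest.
verify_root() {
    root=$1; manifest=$2; bad=0
    while read -r want_sum want_blocks path; do
        case $want_sum in ''|\#*) continue ;; esac   # skip blank lines and comments
        target=$root$path
        if [ ! -f "$target" ]; then
            echo "MISSING  $path"
            bad=$((bad + 1))
            continue
        fi
        # Read the file on stdin so sum prints only "<checksum> <blocks>".
        set -- $(sum -r < "$target")
        if [ "$1" = "$want_sum" ] && [ "$2" = "$want_blocks" ]; then
            echo "OK       $path"
        else
            echo "CHANGED  $path (expected $want_sum $want_blocks, got $1 $2)"
            bad=$((bad + 1))
        fi
    done < "$manifest"
    return "$bad"
}

# Constructed demo: build a fake root, record a manifest, then alter one file.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/bin"
    printf 'original dmesg\n' > "$tmp/root/bin/dmesg"
    printf 'original whereis\n' > "$tmp/root/bin/whereis"
    for f in /bin/dmesg /bin/whereis; do
        set -- $(sum -r < "$tmp/root$f")
        echo "$1 $2 $f"
    done > "$tmp/manifest"
    # The altered file spans two 1 KiB blocks, so its block count changes too.
    printf '%2000s\n' tampered > "$tmp/root/bin/dmesg"
    rc=0
    verify_root "$tmp/root" "$tmp/manifest" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

From a live CD this would be called as `verify_root /mnt manifest.txt`, with the manifest taken from a machine you trust.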


      #3
      Re: Changes to dmesg, sudo, whereis, and others - am I hacked?

      I get the same, and running chkrootkit from a livecd turns up nothing. So seems my system is clean and I just wasn't paying attention when I did the last apt-get dist-upgrade.
      I am running Ubuntu 8.10 (yes Gnome) with upgrades applied daily about 0900 UK time. Hardware is Dell Precision 420, 2x 800 MHz PIII, 512 MB RDRAM, nVidia GeForce 6800 128 MB AGP graphics, 18GB SCSI and 500GB IDE HDDs, DVD burner, Hauppauge TV card.
