have i been hacked?

albi albi at aseed.antenna.nl
Wed Apr 14 14:29:20 PDT 2004


On Wed, 14 Apr 2004 16:08:08 +0000
Daniela <dgw at liwest.at> wrote:

> > aragorn# ls -l /bin/rcp
> > -r-sr-xr-x  1 root  wheel  18392 Feb 23 20:41 /bin/rcp
> >
> > (notice the size!, someone mentioned that already on the list..)
> >
> > So obviously something weird happened.
> 
> That needn't be the case. Mine is 932532 bytes long (and it was already that 
> size after a fresh reinstall).
> And why? Debug symbols. I love to have them everywhere.
> Try to strip the file, and it will be much shorter.

apart from that, does one really need "rcp" at all? I recommend deleting as 
many of your setuid apps as possible, using jails for your services and reading security howtos,
and if you really think your box is cracked, reinstall from scratch (and you'll sleep
better at night :)

when it comes to rootkits, also try rkhunter from http://www.rootkit.nl

HTH,GL!
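
A way to act on the setuid advice in this message, as an added example that is not part of the original post: list every setuid file under a directory and compare the list with a saved baseline, so a changed size such as the /bin/rcp one quoted above shows up for review. The function names and the `size<TAB>path` baseline format are assumptions of this sketch; paths containing tabs or newlines are not handled.

```shell
#!/bin/sh
# Added example: inventory setuid files and diff them against a baseline.

# Print "size<TAB>path" for each setuid regular file under directory $1.
# Size comes from ls -ln so files we cannot read are still measured.
setuid_inventory() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort |
    while IFS= read -r f; do
        size=$(ls -ln "$f" | awk '{ print $5 }')
        printf '%s\t%s\n' "$size" "$f"
    done
}

# Compare the current inventory of directory $2 with baseline file $1.
# Prints NEW / SIZE / GONE lines and returns 1 if anything differs.
setuid_diff() {
    baseline=$1
    dir=$2
    current=$(mktemp) || return 2
    setuid_inventory "$dir" > "$current"
    report=$(awk -F '\t' '
        FILENAME == ARGV[1] { old[$2] = $1; next }   # baseline entries
        {
            seen[$2] = 1
            if (!($2 in old))        print "NEW  " $2
            else if (old[$2] != $1)  print "SIZE " $2 " " old[$2] " -> " $1
        }
        END { for (p in old) if (!(p in seen)) print "GONE " p }
    ' "$baseline" "$current")
    rm -f "$current"
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

A SIZE line is only a prompt to look closer: as the quoted reply points out, an unstripped binary with debug symbols is also larger than a stripped one.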



More information about the freebsd-questions mailing list