Re: Maybe an intruder?
I don't THINK that is bad news but I wouldn't bet my job on it. download
and run chkrootkit and give it a go.
Those look rather innocent to me. Did you add any software or do an
apt-get upgrade recently?
David.
--
War on the World?
Not in My Name!
http://www.notinourname.net/
On 29 Mar 2003, Cau de Alencar wrote:
> The syslog entries below means ...
> what?
>
>
> -- transcript --
>
> Mar 29 13:06:20 int-mon anacron[1708]: Updated timestamp for job
> `cron.daily' to 2003-03-29
> Mar 29 13:09:12 int-mon :
> Mar 29 13:09:12 int-mon : Security Warning: Change in Suid Root files
> found :
> Mar 29 13:09:12 int-mon : - Added suid root files :
> /usr/X11R6/bin/Xwrapper
> Mar 29 13:09:12 int-mon : - Removed suid root files :
> /usr/X11R6/bin/Xwrapper
> Mar 29 13:09:12 int-mon :
> Mar 29 13:09:12 int-mon : Security Warning: Change in World Writeable
> Files found :
> Mar 29 13:09:12 int-mon : - Added writables files : /tmp/.font-unix
> Mar 29 13:09:12 int-mon : - Added writables files : /tmp/.font-unix/fs-1
> Mar 29 13:09:12 int-mon : - Added writables files :
> /tmp/.ICE-unix/dcop1548-1048953742
> Mar 29 13:09:12 int-mon : - Added writables files :
> /tmp/medusa-idled-service
> Mar 29 13:09:12 int-mon : - Removed writables files :
> /tmp/.ICE-unix/dcop1804-1048690358
> Mar 29 13:09:12 int-mon : - Removed writables files : /tmp/.font-unix
> Mar 29 13:09:12 int-mon : - Removed writables files :
> /tmp/.font-unix/fs-1
> Mar 29 13:09:13 int-mon : - Removed writables files :
> /tmp/medusa-idled-service
> Mar 29 13:09:13 int-mon :
> --
>
> TIA
>
> -- Cau
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
Reply to: