Re: Hacked - is it my turn?

To: debian-security@lists.debian.org
Subject: Re: Hacked - is it my turn?
From: Andreas Schmidt <andy@space.wh1.tu-dresden.de>
Date: Mon, 2 Feb 2004 22:59:11 +0100
Message-id: <[🔎] 20040202215911.GK1315@rocket>
In-reply-to: <[🔎] 20040202120856.24cc6b2a.graumann@caltech.edu> (from graumann@caltech.edu on Mon, Feb 02, 2004 at 21:08:56 +0100)
References: <[🔎] 20040202120856.24cc6b2a.graumann@caltech.edu>

On 2004.02.02 21:08, Johannes Graumann wrote:

Hello,

Checksecurity reports this:

> Security Violations for su
> =-=-=-=-=-=-=-=-=-=-=-=-=-
> Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody

'tiger' also reports - while performing signature check of system
binaries, that /bin/ping, /usr/bin/chage, /usr/bin/at, /usr/bin/write
and /usr/bin/inetd don not match. This can not be confirmed by aide
(cd-burned database, unsafe binary) or debsums (unsafe binary).

Hi,

have something similar here:
# Performing signature check of system binaries...
NEW: --WARN-- [sig004w] None of the following versions of /bin/ping
(-rwsr-xr-x) matched the /bin/ping on this machine.
NEW: --WARN-- [sig004w] None of the following versions of /usr/bin/at
(-rwsr-xr-x) matched the /usr/bin/at on this machine.

NEW: --WARN-- [sig004w] None of the following versions of /usr/sbin/inetd

(-rwxr-xr-x) matched the /usr/sbin/inetd on this machine.
# Checking for correct umask settings...
# Performing common access checks for root...

Considerung this kind of behavior is on two machines now makes meassume this might be another bug with tiger. :-)

BTW, the machine logging this has sid installed.

Moreover, I got these messages:
# Performing check of 'services' ...

OLD: --FAIL-- [inet002f] Service binkp is assigned to port 24554/tcpwhich

should be 24554/udp.

OLD: --FAIL-- [inet002f] Service fido is assigned to port 60179/tcpwhich

should be 60179/udp.

OLD: --FAIL-- [inet002f] Service ircd is assigned to port 6667/tcpwhich should

be 6667/udp.

OLD: --FAIL-- [inet002f] Service tfido is assigned to port 60177/tcpwhich

should be 60177/udp.

OLD: --FAIL-- [inet002f] Service tproxy is assigned to port 8081/tcpwhich

should be 8081/udp.

OLD: --FAIL-- [inet002f] Service webcache is assigned to port 8080/tcpwhich

should be 8080/udp.

Is that anything to be worried about? After all, it's just somemappings in /etc/services, or is it? I don't run an ircd (I know of),for instance, and the other ports mentioned here are not shown as openby nmap/netstat.


Best regards,

Andreas

Reply to:

Follow-Ups:
- Re: Hacked - is it my turn?
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>

References:
- Hacked - is it my turn?
  - From: Johannes Graumann <graumann@caltech.edu>

Prev by Date: Re: Hacked - is it my turn?
Next by Date: Re: Hacked - is it my turn? - interesting
Previous by thread: Re: Hacked - is it my turn? - interesting
Next by thread: Re: Hacked - is it my turn?
Index(es):
- Date
- Thread