
Re: I'm afraid I've been cracked.



On 28 Sep 2000, Olaf Meeuwissen wrote:

> bash$ man debsums
> bash$ dpkg --search `which top`
> procps: /usr/bin/top
> bash$ debsums -s procps
> 
> Any output could be a problem.  Of course this assumes that the listed
> md5sums have not been tampered with.  They are in /var/lib/dpkg/info.
> 

Okay, after poking around a good deal, here's the diagnosis:

1) Log files look okay, but that doesn't count for much.
2) md5sums for all of those things like top, ls, etc. all check out.
3) No packages have .md5sums files in /var/lib/dpkg/info with modification
   dates any later than my original installation (which was Sunday). Are
   script kiddies smart enough to modify this?

If anybody did crack my box, it's not readily apparent that they did
anything harmful.  Nevertheless, the only open port I'm going to have from
here on out is ssh, and that will be configured to accept connections ONLY
from my box in my office.

Thanks for the help.  Any further suggestions are very welcome, since I'm
still very new to all of this security stuff.

----------------------------------------------------------------------
Stephen W. Juranich                         sjuranic@ee.washington.edu
Electrical Engineering         http://students.washington.edu/sjuranic
University of Washington             http://rcs.ee.washington.edu/ssli
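
The two checks described in this message (verifying files against the lists in /var/lib/dpkg/info, and looking for .md5sums files modified after installation), as an added example that is not part of the original post. It runs against a constructed temporary tree rather than the real system; the function names, package lists, file contents and timestamps are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. All paths and contents are constructed.

# check_pkg_sums INFO_DIR ROOT REF_FILE
# Prints one line per finding:
#   LIST-MODIFIED <list>  checksum list has an mtime later than REF_FILE
#   CHANGED <path>        file content no longer matches its recorded MD5
#   MISSING <path>        listed file is absent
check_pkg_sums() {
    info_dir=$1; root=$2; ref=$3
    find "$info_dir" -name '*.md5sums' -newer "$ref" | sed 's/^/LIST-MODIFIED /'
    for list in "$info_dir"/*.md5sums; do
        [ -f "$list" ] || continue
        # dpkg list format: "<md5>  <path relative to />"
        while read -r want path; do
            if [ ! -f "$root/$path" ]; then
                echo "MISSING $path"
            elif [ "$(md5sum < "$root/$path" | cut -d' ' -f1)" != "$want" ]; then
                echo "CHANGED $path"
            fi
        done < "$list"
    done
}

# Build a constructed tree to check (nothing on the real system is read).
build_demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/info" "$d/root/usr/bin" "$d/root/bin"
    echo 'top v1' > "$d/root/usr/bin/top"
    echo 'ls v1' > "$d/root/bin/ls"
    echo 'netstat v1' > "$d/root/bin/netstat"
    record() { (cd "$d/root" && md5sum "$2") > "$d/info/$1.md5sums"; }
    record procps usr/bin/top
    record fileutils bin/ls
    record net-tools bin/netstat
    # Constructed timestamps: two lists predate the reference point,
    # net-tools.md5sums keeps its current (later) mtime.
    touch -t 200001010000 "$d/info/procps.md5sums" "$d/info/fileutils.md5sums"
    touch -t 200001020000 "$d/ref"       # stands in for "installation time"
    echo 'ls v2' > "$d/root/bin/ls"      # content changed after being recorded
    echo "$d"
}

demo=$(build_demo_tree)
check_pkg_sums "$demo/info" "$demo/root" "$demo/ref"
rm -rf "$demo"
```

Both checks trust data stored on the machine being examined, so a clean result is evidence rather than proof. Comparing against checksums obtained from a known-good source removes that dependency.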
