[TriLUG] Server DEAD!

auto668 at hush.com auto668 at hush.com
Thu Aug 28 16:11:43 EDT 2003 

Ok.. more updates...

Did the following:  
rpm --root /mnt/sysimage-q --queryformat 
'%{NAME}-%{VERSION}-%{RELEASE}-%{ARCH}\n' glibc kernel 
(that should all be on one line) 

Here's the output:
glibc-2.3.2-11.9-i686
glibc-2.3.2-11.27-i686
kernel-2.4.20-9-i686
kernel-2.4.20-20.9-i686
kernel-smp-2.4.20-9-i686
kernel-smp-2.4.20-19.9-i686
kernel-smp-2.4.20-20.9-i686

This is an smp box.. it it 'normal' to have to glibc's listed?

And I ram the rpm -V on the coreutils and received the following

S.5....T /bin/basename
"        /bin/cat
"        /bin/chgrp

For net-tools I get the following..
S.5....T  /bin/hostname
S.5....T  /bin/netstat
S.5....T  /bin/ifconfig

Before I go any further.. what do you think?  rootkitted?

l-


On Thu, 28 Aug 2003 12:55:36 -0700 Jeremy Portzer <jeremyp at pobox.com>
wrote:
>On Thu, 2003-08-28 at 15:47, auto668 at hush.com wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> Ok.. here's what happened on the 'first' step..
>> 
>> Booted to CD, entered rescue mode...
>> 
>> sh-2.05b# rpm --root /mnt/sysimage -V fileutils
>> package fileutils is not installed
>
>> That's what i have so far, is it weird that it read fileutils
>not being
>> installed?
>
>No, not weird, it just means you have a newer version of Red Hat
>Linux
>where the package name has changed from "fileutils" to "coreutils"
>--
>sorry, I forgot about that.
>
>But it looks like your procps package is okay.  Here are some other
>packages you could try to verify:
>	net-tools
>	bash
>	initscripts
>	glibc
>	kernel
>	
>Folks, can you suggest some others?
>You can also do "rpm -Va" to verify all packages; some of the output
>from this will be normal, however, as certain files are modified
>in the
>normal course of operations.
>
>--Jeremy
>
>-- 
>/---------------------------------------------------------------
>------\
>| Jeremy Portzer       jeremyp at pobox.com       trilug.org/~jeremy
>    |
>| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A
>7B92 |
>\---------------------------------------------------------------
>------/
>



Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

More information about the TriLUG mailing list