|
Security Incidents
mailing list archives
Re: Possible tirpwire false alarm?
From: Berend De Schouwer <bds () jhb ucs co za>
Date: 15 Oct 2001 17:37:35 +0200
On Mon, 2001-10-15 at 14:25, Sebastian Ip wrote:
Dear experienced security people
I am in a fix and i need an answer really quick....
I woke up today checked my personal linux firewall logs.. noticed that over
night tirpwire results were in my mail box.. Checked it.. and ALARM!! ls has
been modified along with gunzip, gzip, zcat and cpio. All of them in /bin.
Step 1: stay calm :)
What changed? sums, permissions, or timestamps? If you run tripwire
again, have the same files changed? If its different files, maybe you
have flaky hardware.
Thanks
Sebastian Ip
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
--
Berend De Schouwer
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
