On Sat, 29 Jul 2007, Tyler Smith wrote:

> On 2007-07-28, Jeff D <[EMAIL PROTECTED]> wrote:
>> Also, what version of Debian are you running? Is this machine behind a
>> firewall or do you have a firewall running on it? You may also
>
> I'm running Lenny on a laptop, usually connected to various wireless
> routers. I recently noticed that firestarter wasn't actually starting
> automatically, something to do with the network not being up when I
> boot, and I don't always remember to turn it on after I connect to the
> wireless router. Also, even when I am running firestarter I have to
> turn it off in order to access my university via vpn.
>
> I've pasted the results of all the tests you suggested below. I don't
> understand much, but the md5sum mismatch for the rkhunter files is
> definitely worrying. Am I going to have to re-install?
>
> Thanks,
>
> Tyler
>
>> You can also install the debsums package, it will do an md5sum check
>> against installed packages.
>
> root:chapter3# debsums -s
> <SNIP tons of debsum output>
> debsums: checksum mismatch libgcj-common file
> /usr/share/doc/libgcj-common/copyright
> debsums: checksum mismatch libgcj-common file
> /usr/share/doc/libgcj-common/changelog.Debian.gz
>
> <SNIP lsof output>
>
>> Do you have nmap installed on the local machine? You could run an nmap -sV
>> localhost against it and it should report back with something as well.
>
> root:chapter3# nmap -sV localhost
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-29 00:26 ADT
> Interesting ports on localhost (127.0.0.1):
> Not shown: 1691 closed ports
> PORT    STATE SERVICE VERSION
> 22/tcp  open  ssh     OpenSSH 4.6p1 Debian 4 (protocol 2.0)
> 25/tcp  open  smtp    Exim smtpd 4.67
> 80/tcp  open  http    Apache httpd 1.3.34 ((Debian))
> 111/tcp open  rpcbind 2 (rpc #100000)
> 113/tcp open  ident   OpenBSD identd
> 929/tcp open  unknown
> Service Info: Host: blackbart.mynetwork; OSs: Linux, OpenBSD
>
> Service detection performed. Please report any incorrect results at
> http://insecure.org/nmap/submit/ .
> Nmap finished: 1 IP address (1 host up) scanned in 6.208 seconds
> root:chapter3#

From the looks of it, it could have just been a false positive. I've seen
rkhunter report a few, not very often though. I'd run rkhunter again,
install chkrootkit, run that, see if the two match up.

As far as debsums reporting back on the rkhunter files, those will
probably not match, as they can get updated.
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
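
The `debsums -s` mismatches quoted above can be sorted by where the changed file lives before deciding whether a re-install is warranted. This is an added example, not part of the thread: the function name, the priority tiers and the `examplepkg` sample lines are assumptions, and it parses only the "checksum mismatch <package> file <path>" format shown in the mail, including paths wrapped onto the next line.

```shell
#!/bin/sh
# Added example: rank `debsums -s` mismatches by file location.
# Assumption (not from the thread): documentation files are never executed, so a
# changed file in a binary or library directory is looked at first.
# Usage: debsums -s 2>&1 | triage_debsums

# Reads debsums output on stdin, prints "<PRIORITY> <package> <path>" per
# mismatch, highest priority first. Paths containing spaces are not handled.
triage_debsums() {
    awk '
    function emit(pkg, path,    rank, prio) {
        if (path ~ /^\/(usr\/)?(s?bin|lib[a-z0-9]*)\//) { rank = 1; prio = "HIGH" }
        else if (path ~ /^\/usr\/share\/(doc|man|info)\//) { rank = 3; prio = "LOW" }
        else { rank = 2; prio = "MEDIUM" }
        printf "%d\t%s %s %s\n", rank, prio, pkg, path
    }
    /^debsums: checksum mismatch / {
        pending = $4                                  # package name
        if (NF >= 6) { emit(pending, $6); pending = "" }  # path on same line
        next
    }
    # Path wrapped onto the line after the mismatch message, as in the mail.
    pending != "" && /^\// { emit(pending, $1); pending = ""; next }
    { pending = "" }                                  # anything else: reset
    ' | LC_ALL=C sort -n | cut -f2-
}

# Constructed sample: the two wrapped mismatches from the mail plus two
# made-up single-line ones (examplepkg and its paths are hypothetical).
sample_debsums_output() {
    cat <<'EOF'
<SNIP tons of debsum output>
debsums: checksum mismatch libgcj-common file
/usr/share/doc/libgcj-common/copyright
debsums: checksum mismatch libgcj-common file
/usr/share/doc/libgcj-common/changelog.Debian.gz
debsums: checksum mismatch examplepkg file /usr/bin/exampletool
debsums: checksum mismatch examplepkg file /usr/share/examplepkg/data.db
EOF
}
```

Anything ranked HIGH is worth comparing against a freshly downloaded copy of the package from a trusted mirror, since the installed checksum lists live on the same disk as the files they describe.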