Hey all, I've a question for the group, but first some brief
background information on my situation: I'm setting up an ftp server for
my company, pureftpd with TLS and virtual users, and because of the
relaxed firewall rules we need for this particular box, I installed
tripwire on there after I got the ftp daemon installed and configured, and
before I brought the box "fully online" in the DMZ with an ipf firewall
configured. However, after the box was online, I decided to compile a
new kernel just to remove stuff that we didn't use (SCSI adapters,
wireless cards, all that stuff). I used the non-"make buildworld" way
(choice 1 in the FBSD Handbook), figured that maybe a few system files
would be touched, and that I'd see the small amount of changes in my
tripwire report and all would be good. I installed and booted the
kernel last night, no problem whatsoever, made sure the ftp was still
accessible via the outside world, firewall was in place and operational
(netcat rocks my socks for stuff like that!), and left for the night.
Well, I ran a tripwire --check this morning and was, to say the least,
quite surprised at the results. Just about every binary file on the
system showed as "modified", INCLUDING the ftp binaries (which to my
knowledge shouldn't be that connected to a kernel recompile) including
the tripwire binaries, including /dev files, all that good stuff. So,
my question for you all is, "what happened, and should I be
worried/reformat the box?" Was I l33t h4x0r3d so soon (this box is
maybe three days old, been on the network about two days)? Could any of
you all be so kind as to point me to a (preferably official) site that
has MD5/SHA1 hashes of various system binaries, so I can check a handful
of them manually for integrity? Has anything like this happened to any
of you when recompiling a "simple" kernel?
Many thanks in advance for your help!
--
Lee Whalen
Permabit, Inc.
Systems Integration Engineer