Re: kernel compile and tripwire alerts...
Hi,

most likely you were indeed l33t h4x0r3d, a kernel upgrade should not touch your ftp binary. You can try chkrootkit and/or rkhunter from the ports collection to verify this. Also chkrootkit may in my experience sometimes give a false positive, but it has been a while since I used it. I have never tried rkhunter.

Good luck.

On Friday 13 January 2006 14:18, Lee Whalen wrote:
> Hey all, I've a question for the group, but first some brief
> background information on my situation: I'm setting up an ftp server for
> my company, pureftpd with TLS and virtual users, and because of the
> relaxed firewall rules we need for this particular box, I installed
> tripwire on there after I got the ftp daemon installed and configured, and
> before I brought the box "fully online" in the DMZ with an ipf firewall
> configured. However, after the box was online, I decided to compile a
> new kernel just to remove stuff that we didn't use (SCSI adapters,
> wireless cards, all that stuff). I used the non-"make buildworld" way
> (choice 1 in the FBSD Handbook), figured that maybe a few system files
> would be touched, and that I'd see the small amount of changes in my
> tripwire report and all would be good. I installed and booted the
> kernel last night, no problem whatsoever, made sure the ftp was still
> accessible via the outside world, firewall was in place and operational
> (netcat rocks my socks for stuff like that!), and left for the night.
>
> Well, I ran a tripwire --check this morning and was, to say the least,
> quite surprised at the results. Just about every binary file on the
> system showed as "modified", INCLUDING the ftp binaries (which to my
> knowledge shouldn't be that connected to a kernel recompile) including
> the tripwire binaries, including /dev files, all that good stuff. So,
> my question for you all is, "what happened, and should I be
> worried/reformat the box?" Was I l33t h4x0r3d so soon (this box is
> maybe three days old, been on the network about two days)?
>
> Could any of
> you all be so kind as to point me to a (preferably official) site that
> has MD5/SHA1 hashes of various system binaries, so I can check a handful
> of them manually for integrity? Has anything like this happened to any
> of you when recompiling a "simple" kernel?
>
> Many thanks in advance for your help!

___
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
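When an integrity report flags nearly every file, as in the thread above, a useful first triage step is to separate files whose bytes changed from files where only attributes such as timestamps or ownership changed. The following is an added example, not part of the original thread and not Tripwire's own code; the file names and the temporary directory in `demo()` are constructed sample data.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to its SHA-256 and key metadata."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks and special files are out of scope here
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            db[os.path.relpath(path, root)] = {
                "sha256": digest.hexdigest(), "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid, "mtime_ns": st.st_mtime_ns}
    return db

def triage(before, after):
    """Split differences into content, metadata-only, added and removed."""
    out = {"content": [], "metadata": [], "added": [], "removed": []}
    for path in sorted(set(before) | set(after)):
        if path not in after:
            out["removed"].append(path)
        elif path not in before:
            out["added"].append(path)
        elif before[path]["sha256"] != after[path]["sha256"]:
            out["content"].append(path)   # bytes differ: investigate first
        elif before[path] != after[path]:
            out["metadata"].append(path)  # same bytes, attributes changed
    return out

def demo():
    """Constructed sample tree: one rewrite, one touch, one add, one delete."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("ftpd", b"v1"), ("ls", b"ls"), ("old", b"x")):
            Path(tmp, name).write_bytes(data)
        before = snapshot(tmp)
        Path(tmp, "ftpd").write_bytes(b"v2")      # content change
        os.utime(Path(tmp, "ls"), ns=(1, 1))      # timestamp change only
        Path(tmp, "old").unlink()
        Path(tmp, "new").write_bytes(b"n")
        return triage(before, snapshot(tmp))
```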
No Subject
subscribe freebsd-stable

To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-stable" in the body of the message
compiling errors on new install
I've just installed FreeBSD 4.1, synced with the freebsd-stable using cvsup, but when I do a `make world` I get the following error:

building static perl library
ranlib libperl.a
sh /usr/src/tools/install.sh -c -o root -g wheel -m 444 libperl.a /usr/obj/usr/src/i386/usr/lib
cd /usr/src/gnu/usr.bin/perl/miniperl; make obj; make depend; make all; make install
/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl created for /usr/src/gnu/usr.bin/perl/miniperl
ln -sf /usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5/op.c opmini.c
Extracting config.h (with variable substitutions)
rm -f .depend
mkdep -f .depend -a -I/usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5 -I/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl -DPERL_EXTERNAL_GLOB -I/usr/obj/usr/src/i386/usr/include /usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5/miniperlmain.c opmini.c
cd /usr/src/gnu/usr.bin/perl/miniperl; make _EXTRADEPEND
echo miniperl: /usr/obj/usr/src/i386/usr/lib/libc.a /usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl/../libperl/libperl.a /usr/obj/usr/src/i386/usr/lib/libm.a /usr/obj/usr/src/i386/usr/lib/libcrypt.a >> .depend
cc -O -pipe -I/usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5 -I/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl -DPERL_EXTERNAL_GLOB '-DAPPLLIB_EXP="/usr/libdata/perl/BSDPAN"' -I/usr/obj/usr/src/i386/usr/include -c /usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5/miniperlmain.c
cc -O -pipe -I/usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5 -I/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl -DPERL_EXTERNAL_GLOB '-DAPPLLIB_EXP="/usr/libdata/perl/BSDPAN"' -I/usr/obj/usr/src/i386/usr/include -c opmini.c
cc -O -pipe -I/usr/src/gnu/usr.bin/perl/miniperl/../../../../contrib/perl5 -I/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl -DPERL_EXTERNAL_GLOB '-DAPPLLIB_EXP="/usr/libdata/perl/BSDPAN"' -I/usr/obj/usr/src/i386/usr/include -L/usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl/../libperl -static -o miniperl miniperlmain.o opmini.o /usr/obj/usr/src/i386/usr/src/gnu/usr.bin/perl/miniperl/../libperl/libperl.a -lm -lcrypt
*** Error code 1
Stop in /usr/src/gnu/usr.bin/perl/miniperl.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.
*** Error code 1
Stop in /usr/src.

Does anyone know what to do about this?