Re: rkhunter sshd warning

2014-03-19 Thread Patrick O'Callaghan
On Wed, 2014-03-19 at 01:00 -0700, Wolfgang S. Rupprecht wrote: > Patrick O'Callaghan writes: > > On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote: > >> A clever intruder is just going to wait until a batch of changes > goe > >> out and then add their trojan. > > > > Of course you c

Re: rkhunter sshd warning

2014-03-19 Thread Wolfgang S. Rupprecht
Patrick O'Callaghan writes: > On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote: >> A clever intruder is just going to wait until a batch of changes goe >> out and then add their trojan. > > Of course you check the hash signatures on those downloads, right? Yes, but in a haphazard,

Re: rkhunter sshd warning

2014-03-17 Thread Patrick O'Callaghan
On Sun, 2014-03-16 at 15:04 -0700, Wolfgang S. Rupprecht wrote: > A clever intruder is just going to wait until a batch of changes goe > out and then add their trojan. Of course you check the hash signatures on those downloads, right? poc -- users mailing list users@lists.fedoraproject.org To

Re: rkhunter sshd warning

2014-03-16 Thread Wolfgang S. Rupprecht
John Horne writes: > On Sun, 2014-03-16 at 12:59 -0700, Wolfgang S. Rupprecht wrote: >> -- Start Rootkit Hunter Scan >> -- >> Warning: The file '/usr/sbin/sshd' exists on the system, but it is >> not present in the 'rkhunter.dat' file. >> Warnin

Re: rkhunter sshd warning

2014-03-16 Thread John Horne
On Sun, 2014-03-16 at 12:59 -0700, Wolfgang S. Rupprecht wrote: > -- Start Rootkit Hunter Scan > -- > Warning: The file '/usr/sbin/sshd' exists on the system, but it is > not present in the 'rkhunter.dat' file. > Warning: The file '/usr/bin/ssh'

Re: rkhunter sshd warning

2014-03-16 Thread Wolfgang S. Rupprecht
Kevin Fenzi writes: > On Sun, 16 Mar 2014 12:59:29 -0700 > "Wolfgang S. Rupprecht" wrote: >> Are other people seeing this? I'm not looking forward to a full scrub >> and clean installation. > > Did you recently install or update openssh-server, openssh or > telnet-server ? When you update packa

Re: rkhunter sshd warning

2014-03-16 Thread Kevin Fenzi
On Sun, 16 Mar 2014 12:59:29 -0700 "Wolfgang S. Rupprecht" wrote: ...snip... > Are other people seeing this? I'm not looking forward to a full scrub > and clean installation. Did you recently install or update openssh-server, openssh or telnet-server ? When you update packages you need to re-r

rkhunter sshd warning

2014-03-16 Thread Wolfgang S. Rupprecht
Things that make you go 'hmmm' (see sshd, ssh, telnet mention): From: root (root) To: root Subject: rkhunter Daily Run on [redacted] Date: Sun, 16 Mar 2014 07:51:04 -0700 - Start Rootkit Hunter Update - [ Rootkit Hunter version 1.4