This is a root kit.
We had this show up on 2 machines within days of each other.
We found anomalies for a bunch of binaries as well.
Clues other than not being able to touch numeric files, is the RPM
database is messed up,
so rpm verifies arent working right. It might be the version of ssh or
the kernel we were running
in RHEL 4 (update 5), and that is how they go in. But we cant be
certain anymore because of recent dates (after the intrusion).
FYI : I fsck'd the disks nothing showed up..
System rebuild time. Thanks for the help!
Good Luck All,
Gary
Tom H wrote:
Hi,
I have some redhat boxes that are using redhat networks for updates, and
they have all stopped updating together and are now showing as un-entitled;
Error Class Info:
This system does not have a valid entitlement for Red Hat Network.
Please visit https://rhn.redhat.com/rhn/systems/SystemEntitlements.do
or login at https://rhn.redhat.com, and from the "Your RHN" tab,
select "Subscription Management" to enable RHN service for this system.
Any ideas what is going on, if I try to edit them to change them to
entitled. Nothing happens.
Thanks,
T
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
