On Wed, 2003-04-30 at 01:03, Michael Schwendt wrote:
> --BEGIN PGP SIGNED MESSAGE--
> Hash: SHA1
>
> On 29 Apr 2003 18:32:44 +0100, Mike wrote:
>
> > I have a horrible feeling that my system may have been compromised
>
> Hence the subject line should read "Have I been hacked?".
>
> > I have a file libwrap.a (part of tcp_wrappers)
> >
> > like this
> >
> > ?r-x-wxrwt 26977 25716 159071 1969188457 May 4 2031
> > /usr/lib/libwrap.a
>
> This looks more like a damaged file-system due to hardware problems or
> results of a serious crash. Do you have any other mysterious file
> stats to report? You might want to verify all your installed rpms.
>
> > (in rescue mode the permissions are Br-x-wrwt)
> >
> > and rpm -V shows
> > rpm -V tcp_wrappers
> > SM?..UGT /usr/lib/libwrap.a
> >
> > This file can't be deleted.
> >
> > I have replaced all other files directly.
> >
> > So the question is - is it possible to repair this without a full
> > re-install?
>
> If an fsck doesn't help, backup your /usr or /usr/lib partition (if you
> have one) and re-format the partition and re-install the files. Then go
> and replace any other damaged files/inodes.

I had one or two other weird files (/usr/lib/pspell_aspell.a and
/usr/doc/glib). In the end I decided to re-install to be on the safe side.

For info, my box (which is my personal machine) runs behind an ADSL router
with integral BSD firewall, and only essential ports were open. I don't run
rsh, telnet, remote X, or sendmail (exim instead).

I had had a lot of stability problems with rh9, but these seemed to have
stabilised.

> - --
> --BEGIN PGP SIGNATURE--
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+rxK70iMVcrivHFQRAjrUAJ90ALW3pqm70sMV6CK0dcEpNsiR9ACeNBl0
> clkiZU57ke6QrIlZRCn6OJ8=
> =IdEo
> --END PGP SIGNATURE--
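
Added example, not part of the original thread: one way to answer "any other mysterious file stats?" is to walk a tree and flag inodes whose metadata is implausible in the way the libwrap.a listing is (unknown type, unmapped uid/gid, future mtime). The names `stat_anomalies`, `scan` and `FUTURE_SLACK` are hypothetical, and the sample values are constructed from the listing quoted above.

```python
import calendar
import grp
import os
import pwd
import stat

KNOWN_TYPES = {stat.S_IFREG, stat.S_IFDIR, stat.S_IFLNK, stat.S_IFCHR,
               stat.S_IFBLK, stat.S_IFIFO, stat.S_IFSOCK}
FUTURE_SLACK = 86400  # tolerate one day of clock skew (assumed threshold)

def stat_anomalies(mode, uid, gid, mtime, now, known_uids, known_gids):
    """Return the reasons an inode's metadata looks implausible."""
    reasons = []
    known_type = stat.S_IFMT(mode) in KNOWN_TYPES
    if not known_type:
        reasons.append("unknown file type")
    if (not known_type or stat.S_ISREG(mode)) and mode & stat.S_IWOTH:
        reasons.append("world-writable file")
    if uid not in known_uids:
        reasons.append("uid has no passwd entry")
    if gid not in known_gids:
        reasons.append("gid has no group entry")
    if mtime > now + FUTURE_SLACK:
        reasons.append("mtime in the future")
    return reasons

def scan(root, now):
    """Walk root without following symlinks; map path -> list of reasons."""
    uids = {p.pw_uid for p in pwd.getpwall()}
    gids = {g.gr_gid for g in grp.getgrall()}
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError as exc:  # an unreadable inode is itself a finding
                findings[path] = [f"lstat failed: {exc.strerror}"]
                continue
            reasons = stat_anomalies(st.st_mode, st.st_uid, st.st_gid,
                                     st.st_mtime, now, uids, gids)
            if reasons:
                findings[path] = reasons
    return findings

# Constructed sample: type '?', bits r-x-wxrwt (0o1537), dated May 4 2031.
SAMPLE_MODE = 0o030000 | 0o1537
SAMPLE_MTIME = calendar.timegm((2031, 5, 4, 0, 0, 0))
SAMPLE_NOW = calendar.timegm((2003, 4, 30, 0, 0, 0))
```

Several unrelated fields being wrong on the same inode is the pattern the reply attributes to file-system damage; `scan("/usr/lib", time.time())` lists every such path so they can be compared against `rpm -V` output.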