[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [opensuse-security] System attacked, need help



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2014-09-13 20:00, Jon Cosby wrote:

> The attacks seem to continue almost immediately. rkhunter gives a very
> suspicious warning:
> 
> <code>
> [10:19:02]   /sbin/ifup                                      [ Warning ]
> [10:19:02] Warning: The command '/sbin/ifup' has been replaced by a
> script: /sbin/ifup: Bourne-Again shell script, ASCII..

False positive. It *is* a script on openSUSE.

> sbin> ls -l ifup
> -rwxr-xr-x 1 root root 48711 Apr 10 00:46 ifup

cer@Telcontar:~> l /sbin/ifup
- -rwxr-xr-x 1 root root 48711 Apr 10 09:46 /sbin/ifup*
cer@Telcontar:~> file /sbin/ifup
/sbin/ifup: Bourne-Again shell script, ASCII text executable
cer@Telcontar:~> rpm -qf /sbin/ifup
sysconfig-network-0.81.5-30.1.x86_64
cer@Telcontar:~> rpm -V sysconfig-network
cer@Telcontar:~>

- -- 
Cheers / Saludos,

		Carlos E. R.
		(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlQUixsACgkQtTMYHG2NR9U9pACfUglKv9r1FB5z7AS29lPBdgLc
/1oAn1Uy+5vauxVqkl83cCxLgC/D963f
=VpvG
-----END PGP SIGNATURE-----
-- 
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx