[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [opensuse-security] System attacked, need help
On 2014-09-13 11:21, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On 2014-09-13 20:00, Jon Cosby wrote:
The attacks seem to continue almost immediately. rkhunter gives a very
[10:19:02] /sbin/ifup [ Warning
[10:19:02] Warning: The command '/sbin/ifup' has been replaced by a
script: /sbin/ifup: Bourne-Again shell script, ASCII..
False positive. It *is* a script on openSUSE.
sbin> ls -l ifup
-rwxr-xr-x 1 root root 48711 Apr 10 00:46 ifup
cer@Telcontar:~> l /sbin/ifup
- -rwxr-xr-x 1 root root 48711 Apr 10 09:46 /sbin/ifup*
cer@Telcontar:~> file /sbin/ifup
/sbin/ifup: Bourne-Again shell script, ASCII text executable
cer@Telcontar:~> rpm -qf /sbin/ifup
cer@Telcontar:~> rpm -V sysconfig-network
Thanks. What about the universal permissions on ifdown?
sbin> ls -l ifdown
lrwxrwxrwx 1 root root 4 Sep 12 18:05 ifdown -> ifup
And again, there’s a long signal going out when I come back from
suspension. I'm assuming it's coming from ifup.
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx