Date: Wed, 14 Apr 2004 17:27:26 +0200
From: albi <albi@aseed.antenna.nl>
To: freebsd-questions@freebsd.org
Subject: Re: have i been hacked?
Message-ID: <20040414172726.39d70705.albi@aseed.antenna.nl>
In-Reply-To: <200404141608.08788.dgw@liwest.at>
References: <200404140933.i3E9XdSE000461@mist.nodomain> <407D08FD.1080708@elvandar.org> <200404141608.08788.dgw@liwest.at>

On Wed, 14 Apr 2004 16:08:08 +0000
Daniela <dgw@liwest.at> wrote:

> > aragorn# ls -l /bin/rcp
> > -r-sr-xr-x 1 root wheel 18392 Feb 23 20:41 /bin/rcp
> >
> > (notice the size!, someone mentioned that already on the list..)
> >
> > So obviously something weird happened.
>
> That needn't be the case. Mine is 932532 bytes long (and it was already that
> size after a fresh reinstall).
> And why? Debug symbols. I love to have them everywhere.
> Try to strip the file, and it will be much shorter.

apart from that, does one really need "rcp" at all ?

i recommend to delete as much as possible your setuid-apps, use jails for your services and read security-howtos

and if you really think your box is cracked, reinstall from scratch (and you'll sleep better at night :)

when it comes to rootkits, try also : rkhunter from http://www.rootkit.nl

HTH,GL!
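
Reducing setuid programs, as the message above recommends, starts with an inventory of what carries the bit. The following is an added example and not part of the original e-mail: the function name `audit_setuid`, the allowlist file format and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example: report setuid/setgid files under a directory that are not
# on a reviewed allowlist. audit_setuid and the allowlist file are
# assumptions of this example, not a FreeBSD tool.

audit_setuid() {
    dir=$1      # directory tree to scan, e.g. /bin
    allow=$2    # text file, one approved absolute path per line
    # -xdev stays on one filesystem; -perm -4000 / -2000 match files with
    # the setuid / setgid bit set, whatever the other mode bits are.
    find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line: only an exact path match counts.
        if ! grep -Fxq -- "$path" "$allow"; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample tree: two setuid files, one of them approved.
demo_audit() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/bin"
    : > "$tmp/bin/rcp"; : > "$tmp/bin/su"; : > "$tmp/bin/ls"
    chmod 4555 "$tmp/bin/rcp" "$tmp/bin/su"
    chmod 0555 "$tmp/bin/ls"
    printf '%s\n' "$tmp/bin/su" > "$tmp/allow"
    audit_setuid "$tmp/bin" "$tmp/allow"
    rm -rf "$tmp"
}

if [ "${1:-}" = "demo" ]; then
    demo_audit
fi
```

Each path it prints is a candidate for `chmod u-s,g-s` or removal once it is confirmed that nothing on the system depends on it.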
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040414172726.39d70705.albi>