Date: Fri, 13 Jan 2006 08:18:43 -0500
From: Lee Whalen <law@permabit.com>
To: stable@freebsd.org
Subject: kernel compile and tripwire alerts...
Message-ID: <43C7A8B3.9040001@permabit.com>

Hey all,

I've a question for the group, but first some brief background information on my situation:

I'm setting up an ftp server for my company, pureftpd with TLS and virtual users, and because of the relaxed firewall rules we need for this particular box, I installed tripwire on there after I got the ftp daemon installed and configured, and before I brought the box "fully online" in the DMZ with an ipf firewall configured.

However, after the box was online, I decided to compile a new kernel just to remove stuff that we didn't use (SCSI adapters, wireless cards, all that stuff). I used the non-"make buildworld" way (choice 1 in the FBSD Handbook), figured that maybe a few system files would be touched, and that I'd see the small amount of changes in my tripwire report and all would be good. I installed and booted the kernel last night, no problem whatsoever, made sure the ftp was still accessible via the outside world, firewall was in place and operational (netcat rocks my socks for stuff like that!), and left for the night.

Well, I ran a tripwire --check this morning and was, to say the least, quite surprised at the results. Just about every binary file on the system showed as "modified", INCLUDING the ftp binaries (which to my knowledge shouldn't be that connected to a kernel recompile), including the tripwire binaries, including /dev files, all that good stuff.

So, my question for you all is, "what happened, and should I be worried/reformat the box?" Was I l33t h4x0r3d so soon (this box is maybe three days old, been on the network about two days)? Could any of you all be so kind as to point me to a (preferably official) site that has MD5/SHA1 hashes of various system binaries, so I can check a handful of them manually for integrity? Has anything like this happened to any of you when recompiling a "simple" kernel?

Many thanks in advance for your help!

--
Lee Whalen
Permabit, Inc.
Systems Integration Engineer