From owner-freebsd-security Tue Dec 10 06:52:44 1996
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id GAA06014 for security-outgoing; Tue, 10 Dec 1996 06:52:44 -0800 (PST)
Received: from halloran-eldar.lcs.mit.edu (halloran-eldar.lcs.mit.edu [18.26.0.159]) by freefall.freebsd.org (8.8.4/8.8.4) with SMTP id GAA06007 for ; Tue, 10 Dec 1996 06:52:42 -0800 (PST)
Received: by halloran-eldar.lcs.mit.edu; (5.65v3.2/1.1.8.2/19Aug95-0530PM) id AA21942; Tue, 10 Dec 1996 09:52:01 -0500
Date: Tue, 10 Dec 1996 09:52:01 -0500
From: Garrett Wollman
Message-Id: <9612101452.AA21942@halloran-eldar.lcs.mit.edu>
To: Brian Tao
Cc: freebsd-security@freebsd.org
Subject: Re: URGENT: Packet sniffer found on my system
In-Reply-To:
References: <199612100639.WAA00847@salsa.gv.ssi1.com>
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

< said:

> One of these days I'm going to set up cops or tripwire to do this
> for me on a regular basis. Heck, maybe even mtree, since it seems
> like it can do that sort of stuff...

In fact, recent distributions should come with all the mtree files you
need to perform this sort of check. Look for the `distname.mtree'
files in the distribution directories. You can even have mtree
screech about files which are there but are not present in the
profile. Be aware that some files (like init) exist in different
versions in different distributions, so there are going to be some
false alarms.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom
Opinions not those of| Dance in the burning flame
MIT, LCS, ANA, or NSA| - Susan Aglukark and Chad Irschick
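
The check the reply describes, sketched in Python as an added example (not part of the original message, and not mtree itself): it parses a small subset of the mtree spec format and reports files whose checksum differs, files on disk that are absent from the profile, and files missing from disk. The profile and tree are constructed, `known_variants` is a hypothetical parameter for paths such as init that are expected to differ between distributions, and only the `sha256digest` keyword is compared.

```python
import os, posixpath, tempfile
from hashlib import sha256
from pathlib import Path

def parse_spec(text):
    """Subset of the mtree spec format: comments, /set, relative names, '..'."""
    defaults, cwd, entries = {}, [], {}
    for words in (line.split() for line in text.splitlines()):
        if not words or words[0].startswith("#"):
            continue
        kw = dict(w.split("=", 1) for w in words[1:])
        if words[0] == "/set":
            defaults.update(kw)
        elif words[0] == "..":
            cwd.pop()                      # leave the current directory
        else:
            key = posixpath.normpath("/".join(cwd + [words[0]]))
            attrs = entries[key] = {**defaults, **kw}
            if attrs.get("type") == "dir":
                cwd.append(words[0])       # later names are inside this dir
    return entries

def verify(spec_text, root, known_variants=()):
    """known_variants is a hypothetical list of paths expected to differ."""
    entries = parse_spec(spec_text)
    report = {"changed": [], "variant": [], "extra": []}
    for dirpath, dirs, files in os.walk(root):
        for full in (Path(dirpath, n) for n in dirs + files):
            rel = full.relative_to(root).as_posix()
            if rel not in entries:
                report["extra"].append(rel)    # on disk but not in the profile
            elif full.is_file() and entries[rel].get("sha256digest") not in (
                    None, sha256(full.read_bytes()).hexdigest()):
                report["variant" if rel in known_variants else "changed"].append(rel)
    report["missing"] = [p for p in entries if not Path(root, p).exists()]
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed tree: one altered file, one variant, one extra, one missing."""
    def entry(name, data):
        return f"{name} sha256digest={sha256(data).hexdigest()}"
    spec = "\n".join(["# constructed profile", "/set type=file", ". type=dir",
                      "sbin type=dir", entry("init", b"init v1"), "..", "bin type=dir",
                      entry("ls", b"ls v1"), entry("ps", b"ps v1"), "..", ".."])
    root = Path(tempfile.mkdtemp())
    for rel, data in {"sbin/init": b"init v2", "bin/ls": b"ls altered",
                      "bin/extra": b"not in profile"}.items():
        (root / rel).parent.mkdir(exist_ok=True)
        (root / rel).write_bytes(data)
    return verify(spec, root, known_variants={"sbin/init"})
```

Paths listed in `known_variants` are reported under their own heading rather than dropped, so an expected difference still gets looked at.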