[WBEL-users] Permissions (Was Problems after updates)

Jean Lee jean.lee at free.fr
Fri Jun 10 10:42:34 CDT 2005 

Jeremy Bowers wrote:

>>Well :
>>- cd /bin
>>- "ls ps" returns ps in mode 555
>>- chmod 755 ps
>>
>>Here I have an error :
>>I don't have the permission to change permissions of "/bin/ps"
>>
>>    
>>
>
>It's possible that you could have a rootkit installed on your system
>without your knowing.  An easy way to check (and verify the integrity of
>your packages is to run:  rpm -Va
>
>This just makes sure that every file that was installed by an rpm, is
>still in the same condition it was when it was installed.  If the output
>of this command just gives you a bunch of config files then you're
>probably OK, and you should look for the cause elsewhere.  However, if a
>lot of your /bin commands have been changed, there's a good possibility
>that there's someone malicious on your system.
>
>Another good way to check for rootkits, is chkrootkit.  I believe that
>you can find that package on DAG's RHEL repo.
>
>Good Luck!
>
>--Jeremy
>  
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Whitebox-users mailing list
>Whitebox-users at beau.org
>http://beau.org/mailman/listinfo/whitebox-users
>  
>

Hi all,

At the end of the mail is the output of "rpm -Va".
There's no modified binaries but I have some unstatisfied dependencies 
and this one is interesting :
Unsatisfied dependencies for redhat-lsb-1.3-3.1.EL3: /bin/ps

I have also some missing files.

I think it's more an installation problem than an intruder (what is a 
rootkit ?)

How can I recover these unsatisfied dependencies ? (By reinstalling each 
package manually or another way .... like formatting and doing a new 
installation :) )

Thank you for any help,

Jean LEE

S.5....T c /etc/sysconfig/pcmcia
S.5....T c /etc/sysconfig/redhat-logviewer
S.5....T c /etc/xml/catalog
S.5....T c /usr/share/sgml/docbook/xmlcatalog
SM5....T c /etc/ddclient.conf
SM5....T c /etc/alchemist/namespace/printconf/local.adl
S.5....T c /etc/mailcap
S.5....T c /etc/mime.types
S.5....T c /etc/crontab
S.5....T c /etc/xinetd.d/sgi_fam
S.5....T c /usr/share/a2ps/afm/fonts.map
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/exception.h
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/fpu_asm.h
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/fpu_emu.h
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/fpu_system.h
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/reg_constant.h
.......T   /usr/src/linux-2.4.21-4.EL/arch/i386/math-emu/status_w.h
.......T   /usr/src/linux-2.4.21-4.EL/crypto/internal.h
.......T   /usr/src/linux-2.4.21-4.EL/crypto/tcrypt.h
.......T   /usr/src/linux-2.4.21-4.EL/drivers/addon/aep/paep.h
.......T   /usr/src/linux-2.4.21-4.EL/drivers/addon/bcm/cdevincl.h
.......T   /usr/src/linux-2.4.21-4.EL/drivers/addon/bcm/prototypes.h

# " more than 100 messages in   /usr/src/linux-2.4.21-4.EL/drivers/"

.......T   /usr/src/linux-2.4.21-4.EL/drivers/video/sti/sticore.h
.......T   /usr/src/linux-2.4.21-4.EL/drivers/video/vga.h
.......T   /usr/src/linux-2.4.21-4.EL/fs/autofs/autofs_i.h
.......T   /usr/src/linux-2.4.21-4.EL/fs/autofs4/autofs_i.h

# " more than 25 messages in   /usr/src/linux-2.4.21-4.EL/drivers/"

.......T   /usr/src/linux-2.4.21-4.EL/fs/udf/udfend.h
.......T   /usr/src/linux-2.4.21-4.EL/fs/ufs/util.h
.......T   /usr/src/linux-2.4.21-4.EL/include/asm-i386/apic.h
.......T   /usr/src/linux-2.4.21-4.EL/include/asm-i386/apicdef.h
.......T   /usr/src/linux-2.4.21-4.EL/include/asm-i386/atomic.h

# " more than 300 messages in   /usr/src/linux-2.4.21-4.EL/drivers/"

.......T   /usr/src/linux-2.4.21-4.EL/include/net/udp.h
.......T   /usr/src/linux-2.4.21-4.EL/include/net/xfrm.h
.......T   /usr/src/linux-2.4.21-4.EL/ipc/util.h
.......T   /usr/src/linux-2.4.21-4.EL/lib/zlib_inflate/infutil.h
.......T   /usr/src/linux-2.4.21-4.EL/net/8021q/vlan.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/addr.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/common.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/ipcommon.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/lec.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/lec_arpc.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/mpc.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/mpoa_caches.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/resources.h
.......T   /usr/src/linux-2.4.21-4.EL/net/atm/signaling.h
.......T   /usr/src/linux-2.4.21-4.EL/net/bluetooth/bnep/bnep.h
.......T   /usr/src/linux-2.4.21-4.EL/net/bridge/br_private.h
.......T   /usr/src/linux-2.4.21-4.EL/net/irda/irnet/irnet.h
.......T   /usr/src/linux-2.4.21-4.EL/net/irda/irnet/irnet_irda.h
.......T   /usr/src/linux-2.4.21-4.EL/net/irda/irnet/irnet_ppp.h
.......T   /usr/src/linux-2.4.21-4.EL/net/khttpd/prototypes.h
.......T   /usr/src/linux-2.4.21-4.EL/net/khttpd/structure.h
.......T   /usr/src/linux-2.4.21-4.EL/net/sched/cls_rsvp.h
S.5....T c /etc/syslog.conf
S.5....T   /usr/share/redhat-switch-mail/functions.pyc
S.5....T c /etc/sysconfig/rhn/sources
SM5....T c /etc/sysconfig/rhn/up2date
S.5....T c /etc/sysconfig/rhn/up2date-uuid
S.5....T c /etc/X11/xdm/Xservers
S.5....T c /root/.bashrc
.......T c /etc/pam_smb.conf
missing    /usr/java/j2re1.4.2_05/javaws/javaws.pack
missing    /usr/java/j2re1.4.2_05/lib/charsets.pack
missing    /usr/java/j2re1.4.2_05/lib/ext/localedata.pack
missing    /usr/java/j2re1.4.2_05/lib/jsse.pack
missing    /usr/java/j2re1.4.2_05/lib/plugin.pack
missing    /usr/java/j2re1.4.2_05/lib/rt.pack
missing    /usr/java/j2re1.4.2_05/lib/unpack
Unsatisfied dependencies for jail-1.9-1: perl(libjail)
SM5....T c /etc/vsftpd/vsftpd.conf
S.5....T c /etc/ssh/sshd_config
.....U..   /dev/apm_bios
.....U..   /dev/audio

# " a lot of messages in /dev "

.....U..   /dev/winradio2
.....U..   /dev/winradio3
Unsatisfied dependencies for gtk2-2.2.4-15: librsvg2 < 2.2.3-3
Unsatisfied dependencies for initscripts-7.31.18.EL-1.WB1: /sbin/sysctl
..5....T c /etc/inittab
S.5....T c /etc/ppp/ip-up
S.5....T c /etc/rc.d/rc.local
S.5....T c /etc/openldap/ldap.conf
S.5....T c /etc/samba/smb.conf
Unsatisfied dependencies for redhat-lsb-1.3-3.1.EL3: /bin/ps
..5....T c /etc/sysconfig/redhat-config-users
S.5....T c /etc/ldap.conf
missing    /usr/lib/rpmdb/i386-redhat-linux/whitebox/__db.001
missing    /usr/lib/rpmdb/i386-redhat-linux/whitebox/__db.002
missing    /usr/lib/rpmdb/i386-redhat-linux/whitebox/__db.003
S.5....T c /etc/printcap
S.5....T c /etc/profile
missing  c /var/log/lastlog
S.5....T   /usr/share/redhat-switch-mail/switchmail_gui.pyc
Unsatisfied dependencies for gtk2-2.2.4-15: librsvg2 < 2.2.3-3
S.5....T   /usr/bin/rsvg
S.5....T   /usr/lib/gtk-2.0/2.2.0/engines/libsvg.so
S.5....T   /usr/lib/gtk-2.0/2.2.0/loaders/svg_loader.so
S.5....T   /usr/lib/librsvg-2.so.2.2.3
.......T d /usr/share/man/man1/rsvg.1.gz
S.5....T c /etc/ppp/chap-secrets
S.5....T c /etc/ppp/pap-secrets
S.5....T c /etc/hotplug/usb.usermap
S.5..... c /etc/rndc.key
missing    /usr/lib/libdb.so.3
S.5....T c /etc/aliases
S.5....T c /etc/mail/sendmail.cf
SM5....T c /etc/mail/submit.cf
S.5....T c /var/log/mail/statistics
.......T   /var/lib/captive/ext2fsd.sys
Unsatisfied dependencies for gtk2-2.2.4-15: librsvg2 < 2.2.3-3
S.5....T c /etc/pam.d/system-auth
S.5....T c /etc/cups/cupsd.conf
S.5....T c /etc/cups/printers.conf
.M......   /usr/lib/xcdroast-0.98/bin/xcdrwrap
S.5....T c /etc/X11/gdm/gdm.conf
Unsatisfied dependencies for autofs-4.1.3-12: /bin/ps
Unsatisfied dependencies for redhat-config-proc-0.23-0.EL3.1: procps

More information about the Whitebox-users mailing list