Knowledgebase
System Integrity checking detected a modified system file
Posted by jackpx, 02-25-2011, 03:49 AM | Today I received the following email on my centos Server:
The following list of files have FAILED the md5sum comparison test. This means that the file has been changed in some way. This could be a result of an OS update or application upgrade. If the change is unexpected it should be investigated:
/usr/bin/RSA_SecurID_getpasswd: FAILED
/usr/sbin/Kobil_mIDentity_switch: FAILED
Today we not have made any update to the server.
This error might indicate that the server was compromised?
Thanks you.
|
Posted by Rapid2214, 02-25-2011, 06:44 PM | Who owns them and when were they last modified?
|
Posted by jackpx, 02-25-2011, 08:11 PM | Thanks for your reply.
http//i56.tinypic.com/e9956q.png
|
Posted by madaboutlinux, 02-26-2011, 04:24 AM | The file has indeed updated on 24th Feb, however scan your server once again with ChkRootkit and Rkhunter as LFD is known to generate false alarms. Also upgrade CSF/LFD to it's latest version and perform a system integrity check again.
|
Posted by jackpx, 02-26-2011, 06:10 AM | http://rpmfind.net/linux/RPM/dag/red...rf.x86_64.html
Files
Files
|
|
Add to Favourites
Print this Article |
Also Read