Re: [tlug] warning message

[Jack Morgan <j-morgan@example.com>]

On Sun, Mar 10, 2002 at 04:32:41AM +0900, Gavin wrote:
> Guru's,
> 
> I just updates my ssh package via mandrake update, and when the system did a 
> file check I got a message stating, and I quote" md5 checksum for one of your 
> suid files have changed, maybe an intruder modified one of these suid binary 
> in order to put in a back door." 
> 		
> 		Check sum changed /usr/bin/ssh
> 
> should I be worried? 
 
What do you think? 

> if more info is need please let me know.

This is something you can easily check. Every Linux distribution has a security
announcement mailing list and/or web page. Mandrakes is

http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-019.php?dis=8.1

If you look at this page, you can see something like:

 44ff50aad9a9696ee747d201b9a3bd5f  8.1/RPMS/openssh-3.1p1-1.1mdk.i586.rpm

Where 44ff50aad9a9696ee747d201b9a3bd5f is the md5 checksum. This is what the
md5 checksum *should* be. At this point, check your openssh package you have
installed to make sure the md5 checksum is as it should be. If it isn't...

From the link above:
    Verification:

	Please verify the update prior to upgrading to ensure the integrity 
	of the downloaded package. You can do this with the command:

	rpm --checksig package.rpm
      

Hope this helps,
-- 
jack_morgan					j-morgan@example.com