"/bin/su" has been modified?? eh?? tripwire report? hacked?
Rule Name: Operating System Utilities (/bin/su)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/bin/su"
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/lock/subsys/sshd)
Severity Level: 100
-------------------------------------------------------------------------------
Modified:
"/var/lock/subsys/sshd"
-------------------------------------------------------------------------------
Rule Name: System boot changes (/var/run)
Severity Level: 100
-------------------------------------------------------------------------------
Added:
"/var/run/chkservd.suspend"
"/var/run/sudo/root/1"
-------------------------------------------------------------------------------
Rule Name: OS executables and libraries (/lib)
Severity Level: 100
-------------------------------------------------------------------------------
Added:
"/lib/libgcc_s-3.2.3-20040414.so.1"
Removed:
"/lib/libgcc_s-3.2.3-20031114.so.1"
Modified:
"/lib/cpp"
"/lib/libgcc_s.so.1"
Hmm.. I dont think i even touched libgcc or bin/su file unless cpanel touches them??
Can anyone help?
