System Integrity checking - modified files!

bigste

Member
Jan 6, 2009
20
0
51
Cheshire, UK
This morning I got an email from my server telling me about this list of files that have failed their MD5 check.
I haven't seen any OS updates or anything. Are these the files that may be targeted by a virus or hacker etc... I wouldn't really know. If they were in C:\Windows\System32 I'd be a bit worried about it but on this CentOS system I'm a bit out of my depth.


/usr/bin/gencat: FAILED
/usr/bin/getconf: FAILED
/usr/bin/getent: FAILED
/usr/bin/iconv: FAILED
/usr/bin/java: FAILED
/usr/bin/keytool: FAILED
/usr/bin/lddlibc4: FAILED
/usr/bin/locale: FAILED
/usr/bin/localedef: FAILED
/usr/bin/orbd: FAILED
/usr/bin/pack200: FAILED
/usr/bin/rmid: FAILED
/usr/bin/rmiregistry: FAILED
/usr/bin/rpcgen: FAILED
/usr/bin/servertool: FAILED
/usr/bin/sprof: FAILED
/usr/bin/tnameserv: FAILED
/usr/bin/unpack200: FAILED
/usr/sbin/build-locale-archive: FAILED
/usr/sbin/glibc_post_upgrade.i686: FAILED
/usr/sbin/iconvconfig: FAILED
/usr/sbin/iconvconfig.i686: FAILED
/usr/sbin/logrotate: FAILED
/usr/sbin/nscd: FAILED
/usr/sbin/rpcinfo: FAILED
/usr/sbin/zdump: FAILED
/usr/sbin/zic: FAILED
/sbin/ldconfig: FAILED
/sbin/sln: FAILED

Suddenly I've got a lot of these messages:

Suspicious process running under user haldaemon:
/usr/libexec/hald-addon-keyboard.#prelink#.cMTWEy (deleted)

/usr/libexec/hald-addon-acpi\00\00\00\00\00\88\b9\8f\f6\88\b9\8f\f6\00\00\00\00 (deleted)

/usr/sbin/hald\00]\00\08`r\9c\08\00\00\00\00\8aY\f7\b7A (deleted)

I'm a bit worried...
 
bigste

Phew.....

The heat is off....

I found an email in my Junk Items pertaining to an overnight OS update.

I'm happy with that.



CASE CLOSED :)