From owner-freebsd-security Tue Dec 11 22:39:20 2001
Delivered-To: freebsd-security@freebsd.org
Received: from pirahna.awe-full.com (s64-180-126-6.bc.hsia.telus.net [64.180.126.6])
	by hub.freebsd.org (Postfix) with ESMTP id 3AAA137B416
	for ; Tue, 11 Dec 2001 22:39:15 -0800 (PST)
Received: from uniserve.com (pirahna@localhost [127.0.0.1])
	by pirahna.awe-full.com (8.11.6/8.11.6) with ESMTP id fBC6d8H86281
	for ; Tue, 11 Dec 2001 22:39:08 -0800 (PST)
	(envelope-from landons@uniserve.com)
Message-ID: <3C16FB8C.9020908@uniserve.com>
Date: Tue, 11 Dec 2001 22:39:08 -0800
From: Landon Stewart
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:0.9.6) Gecko/20011125
X-Accept-Language: en-us
MIME-Version: 1.0
To: security@FreeBSD.ORG
Subject: MD5 sum checking for installed binaries to check for intrusion or root kits...
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

A while ago (a few months) recently several administrators were let go, but were left to their own devices in the NOC until late that night. (Don't ask me why because I couldn't tell ya!) I have not noticed any strange happenings on any of the systems. They could have done who knows what to whatever system(s) they wanted to.

Without someone saying "reformat the machines or reinstall" because that's the obvious answer, is there a way to check which files differ from the size they should be and have the correct MD5 sum than they should or is this asking too much?

They are all FreeBSD machines (100%), however they differ in their version. Some are 4.0, 4.3 etc...
--
Landon Stewart
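An added example (not part of the original message): one way to do the comparison the question asks about, by building a size and MD5 manifest from a known-good reference tree for the same release and diffing it against the installed tree. The function names and the sample files are constructed for illustration, and the result is only trustworthy when the script and its interpreter run from known-good media rather than from the system being checked.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="md5"):
    h = hashlib.new(algo)  # MD5 as in the question; pass "sha256" for a stronger digest
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, algo="md5"):
    """Map relative path -> (size, digest) for each regular file under root."""
    manifest = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not covered here
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = (os.path.getsize(full), file_digest(full, algo))
    return manifest

def compare(reference, installed):
    """Return sorted (status, path) findings; an empty list means no differences."""
    findings = []
    for path, (size, digest) in reference.items():
        if path not in installed:
            findings.append(("missing", path))
        elif installed[path][0] != size:
            findings.append(("size", path))
        elif installed[path][1] != digest:  # same size, different content
            findings.append(("digest", path))
    findings += [("extra", p) for p in installed if p not in reference]
    return sorted(findings)

def write_tree(root, files):
    for rel, data in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

def demo():
    # Constructed sample trees: "ref" stands in for a clean copy of one release.
    ref = {"bin/ls": b"ls-4.3", "bin/ps": b"ps-4.3", "bin/cat": b"cat-4.3", "sbin/init": b"init"}
    live = {"bin/ls": b"ls-XXX", "bin/ps": b"ps-4.3-patched", "sbin/init": b"init", "bin/.hidden": b"x"}
    with tempfile.TemporaryDirectory() as r, tempfile.TemporaryDirectory() as l:
        write_tree(r, ref)
        write_tree(l, live)
        return compare(build_manifest(r), build_manifest(l))
```

Because the machines run different releases, each one needs a reference manifest built from its own release; files patched or rebuilt locally since installation will also be reported and have to be reviewed by hand.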