Re: Ubuntu 8.04 kernel variation?



On Jan 29, 8:57 am, dgets...@xxxxxxxxxxxx wrote:
I am in the process of tracking down probable intrusions into our
network on a few machines right now that are running Ubuntu 8.04 Desktop
[...]
What I'm wondering is if there is anything that would have affected this
other than intrusion? As I stated there were no packages added
regarding different kernels; I'm pretty sure that this /boot/vmlinuz*
binary should not change sizes based just on possible module insertion
or anything, too. Can anyone help me confirm that this is indeed a sign
of probable malicious intrusion?

FWIW, here are the files on my Ubuntu system; seems I missed
2.6.24-20:

Ubuntu 8.04.1, kernel 2.6.24-18-generic, 3-JUNE-2008
Ubuntu 8.04.1, kernel 2.6.24-19-generic, 28-AUGUST-2008
Ubuntu 8.04.1, kernel 2.6.24-21-generic, 21-OCTOBER-2008
Ubuntu 8.04.1, kernel 2.6.24-22-generic, 24-NOVEMBER-2008
Ubuntu 8.04.1, kernel 2.6.24-23-generic, 27-NOVEMBER-2008

7455526 2008-06-03 23:20 initrd.img-2.6.24-18-generic
7494286 2008-08-26 19:06 initrd.img-2.6.24-19-generic
7496655 2008-11-06 22:38 initrd.img-2.6.24-21-generic
7493953 2008-12-11 18:10 initrd.img-2.6.24-22-generic
7495372 2009-01-21 18:26 initrd.img-2.6.24-23-generic

sha1sums:
6597ce2b56c897ed5474857f74a928103790291a initrd.img-2.6.24-18-generic
74aaad990cbed986ae8abb4c9b814ce281ca0bab initrd.img-2.6.24-19-generic
62090dd34cd89f839269da560ca1130450575c54 initrd.img-2.6.24-21-generic
603013769a4cd43d33063d37863b46321c21f4f0 initrd.img-2.6.24-22-generic
160f861f36e006bbf60b769f5e86e1aeb97edfa1 initrd.img-2.6.24-23-generic

1921528 2008-05-28 19:39 vmlinuz-2.6.24-18-generic
1921464 2008-08-20 21:46 vmlinuz-2.6.24-19-generic
1920760 2008-10-21 20:12 vmlinuz-2.6.24-21-generic
1921176 2008-11-24 14:47 vmlinuz-2.6.24-22-generic
1921976 2008-11-27 14:13 vmlinuz-2.6.24-23-generic

sha1sums:
5458943366858a2df576b4dc4ea3e4b0df25711f vmlinuz-2.6.24-18-generic
e8a1323c8179010aff82fe7a5c60aaff0272fce3 vmlinuz-2.6.24-19-generic
67a16e7681cb9f1c16928f00be9167daba2876fb vmlinuz-2.6.24-21-generic
00fa7b73e25121d97df5f50fbaff51b849303e4f vmlinuz-2.6.24-22-generic
65a4154f69c8ddc1439e6aaa67ca73518709f614 vmlinuz-2.6.24-23-generic
.



Relevant Pages

  • Re: How to identify where messages come from on a small LAN
    ... NAS (not running Ubuntu) and two or three desktop machines (some of ... machines are sent to me via settings in the /etc/aliases ... configuring your mail system to forward them to you so the mail headers ... I think I'd have to set up an actual destination for each server to send ...
    (Ubuntu)
  • Re: How to identify where messages come from on a small LAN
    ... NAS (not running Ubuntu) and two or three desktop machines (some of ... machines are sent to me via settings in the /etc/aliases ... Have you considered aliasing to addresses like root_serverx@xxxxxxx then ... configuring your mail system to forward them to you so the mail headers ...
    (Ubuntu)
  • Re: Health and Well-being
    ... I am running ubuntu on an old PC, it isn't bad, you have to relearn everything lol. ... ya cant say it is less complicated than windows, but it does run fairly well on old machines, with more memory better performance still holds true! ...
    (rec.motorcycles.dirt)
  • Re: Recover Deleted WinXP
    ... Since I have the computers and the licences, is there any way to get ... At the moment I am running UBUNTU, ... rather have WinXP running on these two machines. ... If the licenses were originally for the retail version, ...
    (microsoft.public.windowsxp.general)