Re: Ubuntu 8.04 kernel variation?



On Jan 29, 8:57 am, dgets...@xxxxxxxxxxxx wrote:
I am in the process of tracking down probable intrusions into our
network on a few machines right now that are running Ubuntu 8.04 Desktop
[...]
What I'm wondering is if there is anything that would have affected this
other than intrusion? As I stated there were no packages added
regarding different kernels; I'm pretty sure that this /boot/vmlinuz*
binary should not change sizes based just on possible module insertion
or anything, too. Can anyone help me confirm that this is indeed a sign
of probable malicious intrusion?

FWIW, here are the files on my Ubuntu system; seems I missed
2.6.24-20:

Ubuntu 8.04.1, kernel 2.6.24-18-generic, 3-JUNE-2008
Ubuntu 8.04.1, kernel 2.6.24-19-generic, 28-AUGUST-2008
Ubuntu 8.04.1, kernel 2.6.24-21-generic, 21-OCTOBER-2008
Ubuntu 8.04.1, kernel 2.6.24-22-generic, 24-NOVEMBER-2008
Ubuntu 8.04.1, kernel 2.6.24-23-generic, 27-NOVEMBER-2008

7455526 2008-06-03 23:20 initrd.img-2.6.24-18-generic
7494286 2008-08-26 19:06 initrd.img-2.6.24-19-generic
7496655 2008-11-06 22:38 initrd.img-2.6.24-21-generic
7493953 2008-12-11 18:10 initrd.img-2.6.24-22-generic
7495372 2009-01-21 18:26 initrd.img-2.6.24-23-generic

sha1sums:
6597ce2b56c897ed5474857f74a928103790291a initrd.img-2.6.24-18-generic
74aaad990cbed986ae8abb4c9b814ce281ca0bab initrd.img-2.6.24-19-generic
62090dd34cd89f839269da560ca1130450575c54 initrd.img-2.6.24-21-generic
603013769a4cd43d33063d37863b46321c21f4f0 initrd.img-2.6.24-22-generic
160f861f36e006bbf60b769f5e86e1aeb97edfa1 initrd.img-2.6.24-23-generic

1921528 2008-05-28 19:39 vmlinuz-2.6.24-18-generic
1921464 2008-08-20 21:46 vmlinuz-2.6.24-19-generic
1920760 2008-10-21 20:12 vmlinuz-2.6.24-21-generic
1921176 2008-11-24 14:47 vmlinuz-2.6.24-22-generic
1921976 2008-11-27 14:13 vmlinuz-2.6.24-23-generic

sha1sums:
5458943366858a2df576b4dc4ea3e4b0df25711f vmlinuz-2.6.24-18-generic
e8a1323c8179010aff82fe7a5c60aaff0272fce3 vmlinuz-2.6.24-19-generic
67a16e7681cb9f1c16928f00be9167daba2876fb vmlinuz-2.6.24-21-generic
00fa7b73e25121d97df5f50fbaff51b849303e4f vmlinuz-2.6.24-22-generic
65a4154f69c8ddc1439e6aaa67ca73518709f614 vmlinuz-2.6.24-23-generic
.