Suspicious file

# 1
Old 03-08-2011

Hi All,

I'm investigating a suspicious file on AIX but have not enough knowledge about the AIX patch environment.

My situation:
Code:
# ls -l /usr/bin/shell
sys1: -r-sr-xr-x    1 root     security       5326 Jun 05 2009  /usr/bin/shell
sys2: -r-sr-xr-x    1 root     security       5294 Jun 20 2006  /usr/bin/shell

Why are both files not the same regarding date and size?

Code:
# oslevel -s
sys1: 5300-11-02-1007
sys2: 5300-11-02-1007

# lslpp -L | grep bos.rte.security
sys1:   bos.rte.security          5.3.11.1    C     F    Base Security Function
sys2:   bos.rte.security          5.3.11.1    C     F    Base Security Function

As far as I can see both systems are running the same OS (level and patches).

What worries me is that other files in the bos.rte.security fileset are equal on both systems regarding date and size. So why is /usr/bin/shell different?

What is the AIX procedure to investigate this case?

Is there a way to find the patch/APAR that contains /usr/bin/shell so I can find the date and size /usr/bin/shell should have?

Greetings,
Peter
# 2  
Old 03-08-2011
That's small enough it might even be a shell script, you can look at it with less or compare with diff and see what's different...
# 3  
Old 03-08-2011
I have a server sitting at AIX 5300-06-03-0732 and one sitting at AIX 5300-12-01-1016 and both came back with the same file size as your system #2. Also both files have the same cksum values. Since this is an executable (RISC System/6000) file it's kind of hard to do a diff, unless there is a command out there to do diffs on this type of file.

Were both of these boxes installed in the same fashion? Just thinking maybe one was a migration and one was a fresh install from CD/DVD. I don't have a box that has a fresh install to compare. Just a thought.

Justin
# 4  
Old 03-09-2011
Both systems were installed with the same method (NIM) but the base installation was not the same level.

Code:
# lslpp -ah bos.rte.security
sys1: 5.3.9.1 COMMIT COMPLETE 06/05/09 18:17:00
        5.3.11.1 COMMIT COMPLETE 03/06/10 10:57:45
        5.3.11 APPLY COMPLETE 03/06/10 10:52:51
sys2: 5.3.0.40 COMMIT COMPLETE 06/20/06 03:43:26
        5.3.11.1 COMMIT COMPLETE 03/06/10 11:46:51
        5.3.11.1 APPLY COMPLETE 03/06/10 11:30:06

Still wondering why this one particular file was not updated where all other files in bos.rte.security have dates matching the output of the above lslpp command.

--Peter
# 5  
Old 03-09-2011
Most likely this file is not updated ever by a ML/TL - so you keep what you had during base install of the OS - and when you installed different versions of the OS, then you just have a slightly different version of this?

Regards
zxmaus
# 6  
Old 03-17-2011
run
Code:
lslpp -w /usr/bin/shell

I think you're looking at the wrong package.
# 7  
Old 03-17-2011
Code:
$ lslpp -w /usr/bin/shell
  File                                        Fileset               Type
  ----------------------------------------------------------------------------
  /usr/bin/shell                              bos.rte.security      File
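
An added example (not posted in the thread) of the kind of check the original question asks for: inventory the setuid/setgid files on each host with cksum as post #3 did by hand, diff the two inventories, and then let AIX itself verify a flagged file against the SWVPD record of its fileset. It assumes AIX `cksum`, `lslpp -w` and `lppchk -c` (the `-c` option verifies checksum and size of each file in a fileset against the install database), and that each host's manifest is copied to one place before comparing.

```shell
#!/bin/sh
# Added example, not from the thread. Manifest format is cksum output:
# "checksum size path", one file per line.

# Inventory setuid/setgid regular files on the local filesystems.
# Usage on each host: suid_manifest > sys1.txt
suid_manifest() {
  find / -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec cksum {} + | sort -k3
}

# Print one line per path whose checksum or size differs between the two
# manifests, or which exists in only one of them. Identical entries are silent.
# Usage: manifest_diff sys1.txt sys2.txt
manifest_diff() {
  awk '
    NR == FNR { seen[$3] = $1 " " $2; next }    # first manifest: remember sum/size
    {
      if (!($3 in seen))
        print $3 " only-in-second " $1 " " $2
      else if (seen[$3] != $1 " " $2)
        print $3 " differs " seen[$3] " vs " $1 " " $2
      delete seen[$3]
    }
    END { for (p in seen) print p " only-in-first " seen[p] }
  ' "$1" "$2"
}

# For a flagged file: find the owning fileset (as post #6 suggests) and let
# lppchk -c compare the installed file with the size/checksum installp recorded.
# A clean lppchk result means the on-disk copy is what the fileset shipped.
verify_against_swvpd() {
  path=$1
  fs=$(lslpp -w "$path" | awk -v p="$path" '$1 == p { print $2 }')
  if [ -z "$fs" ]; then
    echo "$path: not owned by any installed fileset" >&2
    return 2
  fi
  echo "$path belongs to $fs; verifying fileset checksums"
  lppchk -c "$fs"
}
```

A file that `lppchk -c` reports as differing from the SWVPD, or that `lslpp -w` does not attribute to any fileset, is the one worth pulling for closer analysis; a file that verifies clean on both hosts but differs between them simply came from different fileset levels, as the lslpp -ah output in post #4 shows.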
