USN-3625-1: Perl vulnerabilities


#1

The USN-3625-1: Perl vulnerabilities is fixed automatically and installed on SecureDrop production instances. It will trigger the following OSSEC alerts and is expected.

OSSEC HIDS Notification.
2018 Apr 17 04:24:16

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/perlbug'
OSSEC HIDS Notification.
2018 Apr 17 04:24:23

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/perlthanks'
OSSEC HIDS Notification.
2018 Apr 17 04:24:21

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/perl'
OSSEC HIDS Notification.
2018 Apr 17 04:25:14

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/perl5.18.2'

OSSEC HIDS Notification.
2018 Apr 17 04:24:45

Received From: mon->syscheck
Rule: 551 fired (level 7) -> "Integrity checksum changed again (2nd time)."
Portion of the log(s):

Integrity checksum changed for: '/usr/bin/a2p'

#2

@bmeson do you happen to know what the (2nd time) above means? Please don’t research it, just in case you know from the top of your head :wink: It presumably means this is the second time this binary changed checksum since the machine was installed.


#3

That is absolutely what that means! :wink: