Beagled for MS installed ???

Printable View

08-19-2008, 02:02 AM
unix

Beagled for MS installed ???

I did a ps -eF, and found this running:
beagled /usr/lib64/beagle/BeagleDaemon.exe --bg

WTF? Beagle should not be running, and .exe?

The results of file * and ls -l in /usr/lib64/beagle appear below.
My question is, has my machine been cracked? I installed compiz
last Saturday to play with it a little, but have disabled that.

I do download an indexing package from a remote server, which
is reported as having an incorrect authentication, but unless
there is a man in the middle relaying everything both ways in
addition to its malbeahavior this should not be the problem.

Does anyone else have this stuff on the system?

[jim@localhost beagle]$ pwd
/usr/lib64/beagle
[jim@localhost beagle]$ file *
Backends: directory
BeagleDaemon.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
BeagleDaemon.exe.mdb: data
BeagleDaemonLib.dll: MS-DOS executable PE for MS Windows
(DLL) (console) Intel 80386 32-bit Mono/.Net assembly
BeagleDaemonLib.dll.mdb: data
BeagleDaemonPlugins.dll: MS-DOS executable PE for MS Windows
(DLL) (console) Intel 80386 32-bit Mono/.Net assembly
BeagleDaemonPlugins.dll.mdb: data
beagled-index-helper: Bourne shell script text executable
Beagle.dll: MS-DOS executable PE for MS Windows
(DLL) (console) Intel 80386 32-bit Mono/.Net assembly
Beagle.dll.mdb: data
BuildIndex.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
BuildIndex.exe.mdb: data
Config.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
Config.exe.mdb: data
DocExtractor.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
DocExtractor.exe.mdb: data
DumpIndex.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
DumpIndex.exe.mdb: data
ExtractContent.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
ExtractContent.exe.mdb: data
Filters: directory
IndexHelper.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
IndexHelper.exe.mdb: data
Info.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
Info.exe.mdb: data
libbeagleglue.so: symbolic link to `libbeagleglue.so.0.0.0'
libbeagleglue.so.0: symbolic link to `libbeagleglue.so.0.0.0'
libbeagleglue.so.0.0.0: ELF 64-bit LSB shared object, x86-64,
version 1 (SYSV), stripped
ManageIndex.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
ManageIndex.exe.mdb: data
Query.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
Query.exe.mdb: data
Shutdown.exe: MS-DOS executable PE for MS Windows
(console) Intel 80386 32-bit Mono/.Net assembly
Shutdown.exe.mdb: data
Util.dll: MS-DOS executable PE for MS Windows
(DLL) (console) Intel 80386 32-bit Mono/.Net assembly
Util.dll.config: ASCII text
Util.dll.mdb: data

[jim@localhost beagle]$ pwd
/usr/lib64/beagle
[jim@localhost beagle]$ ls -l
total 2568
drwxr-xr-x 2 root root 4096 2008-07-29 20:22 Backends/
-rw-r--r-- 1 root root 27648 2008-07-29 17:41 BeagleDaemon.exe
-rw-r--r-- 1 root root 8052 2008-07-29 17:41 BeagleDaemon.exe.mdb
-rw-r--r-- 1 root root 702976 2008-07-29 17:41 BeagleDaemonLib.dll
-rw-r--r-- 1 root root 705990 2008-07-29 17:41 BeagleDaemonLib.dll.mdb
-rw-r--r-- 1 root root 15872 2008-07-29 17:41 BeagleDaemonPlugins.dll
-rw-r--r-- 1 root root 11929 2008-07-29 17:41
BeagleDaemonPlugins.dll.mdb
-rwxr-xr-x 1 root root 1380 2008-07-29 17:41 beagled-index-helper*
-rw-r--r-- 1 root root 53760 2008-07-29 17:41 Beagle.dll
-rw-r--r-- 1 root root 46643 2008-07-29 17:41 Beagle.dll.mdb
-rw-r--r-- 1 root root 22016 2008-07-29 17:41 BuildIndex.exe
-rw-r--r-- 1 root root 7903 2008-07-29 17:41 BuildIndex.exe.mdb
-rw-r--r-- 1 root root 13824 2008-07-29 17:41 Config.exe
-rw-r--r-- 1 root root 4896 2008-07-29 17:41 Config.exe.mdb
-rw-r--r-- 1 root root 5120 2008-07-29 17:41 DocExtractor.exe
-rw-r--r-- 1 root root 880 2008-07-29 17:41 DocExtractor.exe.mdb
-rw-r--r-- 1 root root 13312 2008-07-29 17:41 DumpIndex.exe
-rw-r--r-- 1 root root 4468 2008-07-29 17:41 DumpIndex.exe.mdb
-rw-r--r-- 1 root root 12288 2008-07-29 17:41 ExtractContent.exe
-rw-r--r-- 1 root root 5590 2008-07-29 17:41 ExtractContent.exe.mdb
drwxr-xr-x 2 root root 4096 2008-07-29 20:22 Filters/
-rw-r--r-- 1 root root 12800 2008-07-29 17:41 IndexHelper.exe
-rw-r--r-- 1 root root 3837 2008-07-29 17:41 IndexHelper.exe.mdb
-rw-r--r-- 1 root root 9728 2008-07-29 17:41 Info.exe
-rw-r--r-- 1 root root 2495 2008-07-29 17:41 Info.exe.mdb
lrwxrwxrwx 1 root root 22 2008-07-29 20:22 libbeagleglue.so ->
libbeagleglue.so.0.0.0*
lrwxrwxrwx 1 root root 22 2008-07-29 20:22 libbeagleglue.so.0 ->
libbeagleglue.so.0.0.0*
-rwxr-xr-x 1 root root 46280 2008-07-29 17:41 libbeagleglue.so.0.0.0*
-rw-r--r-- 1 root root 7680 2008-07-29 17:41 ManageIndex.exe
-rw-r--r-- 1 root root 1689 2008-07-29 17:41 ManageIndex.exe.mdb
-rw-r--r-- 1 root root 13824 2008-07-29 17:41 Query.exe
-rw-r--r-- 1 root root 3322 2008-07-29 17:41 Query.exe.mdb
-rw-r--r-- 1 root root 3584 2008-07-29 17:41 Shutdown.exe
-rw-r--r-- 1 root root 437 2008-07-29 17:41 Shutdown.exe.mdb
-rw-r--r-- 1 root root 414720 2008-07-29 17:41 Util.dll
-rw-r--r-- 1 root root 85 2008-07-29 17:41 Util.dll.config
-rw-r--r-- 1 root root 347550 2008-07-29 17:41 Util.dll.mdb

jim b.

--
UNIX is not user unfriendly; it merely
expects users to be computer-friendly.
08-19-2008, 02:19 AM
unix

Re: Beagled for MS installed ???

Hmmm. Seems I may have gone off half-****ed, or my
system has been cracked for months. Took at look at
backups dating back to February, and these and other
*.exe files were on the system.

Guess that demonstrates I do not look at everything
on my system.

jim b.

--
UNIX is not user unfriendly; it merely
expects users to be computer-friendly.
08-19-2008, 04:36 AM
unix

Re: Beagled for MS installed ???

On Mon, 18 Aug 2008 22:19:26 -0400, Jim Beard <jdbeard@patriot.net> wrote:
[color=blue]
> Hmmm. Seems I may have gone off half-****ed, or my
> system has been cracked for months. Took at look at
> backups dating back to February, and these and other
> *.exe files were on the system.[/color]

Those are normal files for beagle ...
$ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
beagle-0.3.3-7.1mdv2008.1

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
08-20-2008, 12:25 AM
unix

Re: Beagled for MS installed ???

David W. Hodgins wrote:[color=blue]
> On Mon, 18 Aug 2008 22:19:26 -0400, Jim Beard <jdbeard@patriot.net> wrote:
>[color=green]
>> Hmmm. Seems I may have gone off half-****ed, or my
>> system has been cracked for months. Took at look at
>> backups dating back to February, and these and other
>> *.exe files were on the system.[/color]
>
> Those are normal files for beagle ...
> $ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
> beagle-0.3.3-7.1mdv2008.1[/color]

Thanks for confirmation.

I am a little unhappy that file * returned "MS-DOS executable PE
for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly "

I expected it to work as file does under Solaris, i.e. check the
first 512 bytes, look for magic numbers, and generally discriminate
between things that are M$ executables and things that just have a
name that looks like a M$ executable.

No cheers on this version of file.

jim b.

--
UNIX is not user unfriendly; it merely
expects users to be computer-friendly.
08-20-2008, 02:15 AM
unix

Re: Beagled for MS installed ???

On Tue, 19 Aug 2008 20:25:38 -0400, Jim Beard <jdbeard@patriot.net> wrote:
[color=blue]
> David W. Hodgins wrote:[color=green]
>> Those are normal files for beagle ...
>> $ rpm -q -f /usr/lib/beagle/BeagleDaemon.exe
>> beagle-0.3.3-7.1mdv2008.1[/color]
>
> I expected it to work as file does under Solaris, i.e. check the
> first 512 bytes, look for magic numbers, and generally discriminate
> between things that are M$ executables and things that just have a
> name that looks like a M$ executable.[/color]

If you look at /usr/lib/beagle/BeagleDaemon.exe, it certainly looks like a
windows executable. Starts with MZ, has "This program cannot be run in DOS mode",
so it looks like a PE format file to me.

Now why beagle is using PE format executables, on linux, I have no idea.

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
08-20-2008, 06:51 AM
unix

Re: Beagled for MS installed ???

Em Quarta, 20 de Agosto de 2008 03:15, David W. Hodgins escreveu:
[color=blue][color=green]
>>[/color]
> If you look at /usr/lib/beagle/BeagleDaemon.exe, it certainly looks like a
> windows executable. Starts with MZ, has "This program cannot be run in
> DOS mode", so it looks like a PE format file to me.
>
> Now why beagle is using PE format executables, on linux, I have no idea.[/color]

I have the idea that these binarys doesn't even run at all, unless in a
emulated enviroment... i don't have that program installed, but took a look
at the list of files in the package and there is a lot of EXEs in there.

beagle has been added to my list of "never install this".

regards