[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Resetting Chkrootkit

Subject: Re: [cobalt-security] Resetting Chkrootkit
From: "Jonathan Michaelson" <michaelsonjd@xxxxxxxxxxx>
Date: Fri, 16 Jan 2004 18:04:06 -0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I would like to know how to reset one of the triggers installed
> with chkrootkit, wted. My output shows:
>
> Checking `wted'... 1 deletion(s) between Wed Jan 14 21:18:12 2004
> and Wed Jan 14 21:47:20 2004
>
> and I believe this is due to a hard reboot forced by my failing
> memory.

If you're happy that it's nothing nefarious then I believe that you can get
rid of it by rotating /var/log/wtmp

login as root:
cd /var/log
mv wtmp wtmp.old
touch wtmp
chmod 0644 wtmp

Log in to the shell from another SSH session and make sure /var/log/wtmp is
> 0 blocks (don't try cat it's in binary). Try chkrootkit again.

--
Regards,
Jonathan Michaelson

http://www.webumake.com - Commercial CGI Script Developers
Web-based Email / HomePages / Instant Helper Chat / Download License Manager

References:
- [cobalt-security] Resetting Chkrootkit
  - From: Jon

Prev by Date: RE: [cobalt-security] Resetting Chkrootkit
Next by Date: [cobalt-security] RE: Resetting Chkrootkit
Previous by thread: RE: [cobalt-security] Resetting Chkrootkit
Next by thread: RE: [cobalt-security] Resetting Chkrootkit

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index