[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Re: cobalt-users digest, Vol 1 #2217 - 21 msgs

Subject: Re: [cobalt-users] Re: cobalt-users digest, Vol 1 #2217 - 21 msgs
From: flash22@xxxxxxx
Date: Mon Feb 26 16:14:02 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 26 Feb 2001, David Ball wrote:

> Hi,
> 
> 	I think I may have a rootkit installed on my RaQ4. The program chkrootkit 
> sh: ./chkrootkit: No such file or directory
Seems to happen with some kits, seems to be a bad sign too

> I tried running some of the individual programs and found the following.
> [root chkrootkit-0.22]# ./chkproc
> You have     2 process hidden for readdir command
> You have     2 process hidden for ps command
> Does this mean the system is compromised and what is the recommended 
> procedure if it is?

Yup, no question, you got hacked....save anything vital, collect evidence
if you can, reinstall from OS restore cd if you want any real assurance
your machine is clean, change *all* passwords on the machine...

Hopefully you have backups of site data...(OS restore will wipe the disk)

gsh

References:
- [cobalt-users] Re: cobalt-users digest, Vol 1 #2217 - 21 msgs
  - From: David Ball

Prev by Date: RE: [cobalt-users] Cobalt to provide compensation for server hack?
Next by Date: [cobalt-users] Strange problem - is it another hack?
Previous by thread: [cobalt-users] Re: cobalt-users digest, Vol 1 #2217 - 21 msgs
Next by thread: [cobalt-users] Strange problem - is it another hack?

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index