[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] LKM Trojans
- Subject: RE: [cobalt-users] LKM Trojans
- From: "Brian Watters" <brwatters@xxxxxxxxxxx>
- Date: Sat Mar 10 03:53:19 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
There is talk about Tripwire in your message here .. how about sharing your
policy file off list .. I would sure like to see what others have done there
rather than reinventing the wheel ..
Brian R. Watters
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of David Etheridge
Sent: Tuesday, March 06, 2001 3:39 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: RE: [cobalt-users] LKM Trojans
After a reboot the hidden processes are still there but the number of them
doesnt seem related to the number of logins (maybe ruling out a Login
Trojan).
Does anyone know of any legitimate reason that there may be 1 or 2 hidden
processes. I run Portsentry etc but they arent hidden!
Another factor is that I installed OS4 update last week (hence my tripwire
logs were like waaay out!).
Dave Etheridge
-----Original Message-----
From: David Etheridge [mailto:DavidE@xxxxxxxxxxxx]
Sent: 06 March 2001 10:39
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] LKM Trojans
I have just done a rootkit check and found hidden processes and a warning of
a possible LKM Trojan installed.
Does anyone know what might have been changed or what I can check for?
Thanks
Dave Etheridge
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users