[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Raq3 Server being crack

Subject: Re: [cobalt-users] Raq3 Server being crack
From: "Zeffie" <cobaltlist@xxxxxxxx>
Date: Tue Mar 20 14:38:10 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> I run chkrootkit and got the following results. I don't know if it's >
problem be solve just by deleting the .packlist files? What should I do?

no no no.... those are good files.....

>
> eth0 is not promisc
> eth0:0 is not promisc
> eth0:3 is not promisc
> eth0:1 is not promisc
> eth0:2 is not promisc

This is a good thing

> Checking `lkm'... You have     4 process hidden for readdir command
> You have     4 process hidden for ps command
> Warning: Possible LKM Trojan installed

I have heard complaints like this for a while and in all the systems I
checked, I found nothing.  Upload a clean ps and take a look.  YMMV
otherwise it looks ok....  btw you need to install some security like
portsentry and logcheck if you haven't already.

Zeffie
http://www.zeffie.com/
If this message helps you please help others with just a click!
http://www.thehungersite.com/

References:
- [cobalt-users] Raq3 Server being crack
  - From: Cobalt

Prev by Date: Re: [cobalt-users] Re-Directing users on a 404 error
Next by Date: [cobalt-users] QUBE 3 Firewall Admin and Setup
Previous by thread: [cobalt-users] Raq3 Server being crack
Next by thread: [cobalt-users] Raq3 Server being crack

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index