[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] chkrootkit

Subject: RE: [cobalt-users] chkrootkit
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon Aug 5 05:42:02 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Mon, 5 Aug 2002, Andy Brown wrote:

> I've seen it before on a RaQ which was never attached to the outside world. Although doing the scan several times, sometimes it came back positive sometimes negative.
> If I read it right, it checks the ps command against /proc values, so i'd assume a process that was quick enough to start/stop could appear in one and not the other.
> Thats the only explanation I could think of, though would be nice somebody to confirm this!!
>

Thanks
Seems like I have heard that before.
And it does seem to be a reasonable explnation.

--
Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
http://frontstreetnetworks.com | Website Hosts & SOHO Networks
229 Front Street, Ste.#C, New Haven, CT. 06513 United States
voice +1 203-785-0699 | fax +1 203-785-1787

Follow-Ups:
- Re: [cobalt-users] chkrootkit
  - From: Jeff Lasman

References:
- RE: [cobalt-users] chkrootkit
  - From: Andy Brown

Prev by Date: [cobalt-users] Php and mcrypt
Next by Date: Re: [cobalt-users] Perl to check whether a user is administrator
Previous by thread: RE: [cobalt-users] chkrootkit
Next by thread: Re: [cobalt-users] chkrootkit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index