[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] chkrootkit

Subject: Re: [cobalt-users] chkrootkit
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Mon Aug 5 10:00:01 2002
Organization: nobaloney.net
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

Gerald Waugh wrote:

> Seems like I have heard that before.
> And it does seem to be a reasonable explnation.

Yes, it's right, and it does happen.  But if you get repeated positives
you probably do have a problem; we generally don't get repeated
positives even in checking hourly.

You can check as often as you want by putting some code into a cron job:

 #!/bin/sh
 cd /root/installed/chkrootkit-0.35/
 ./chkrootkit > /root/chkrootkit.out
 mail jlasman@xxxxxxxxxxxxx < /root/chkrootkit.out

(Be sure to fix your paths to match your system.)

While it can be done in less lines, this also leaves a copy on your
server.  Which you may or may not want.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

Follow-Ups:
- Re: [cobalt-users] chkrootkit
  - From: Jeff Lasman
- RE: [cobalt-users] chkrootkit
  - From: Bob G7

References:
- RE: [cobalt-users] chkrootkit
  - From: Gerald Waugh

Prev by Date: [cobalt-users] How to read CPU Load Numbers
Next by Date: Re: [cobalt-users] How to read CPU Load Numbers
Previous by thread: RE: [cobalt-users] chkrootkit
Next by thread: Re: [cobalt-users] chkrootkit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index