[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Detecting openssl Apache worm (slapper) automatically on your RaQs
- Subject: Re: [cobalt-users] Detecting openssl Apache worm (slapper) automatically on your RaQs
- From: jale@xxxxxxxxxx
- Date: Tue Sep 17 15:11:09 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
The latest release of ChkRootKit (0.37) now detects the Apache OpenSSL
worm (slapper) when run. The latest version is an easy install on a
RaQ. Here's a set of instructions to help you install it, use it, and get
it automated.
Product Name: Chkrootkit-0.37
Web page: http://www.chkrootkit.org/
This worked great, boy do I love detailed instructions, especially
documented ones :)
The only step you left out, but I did figure this all by myself, chmod +x
/usr/bin/gcc :) :)
(got this from following the thread thus far)
And to my happiness, EVERYTHING checked out cleanly with the chkroot
I hope when this thread settles out, that someone, one of the smart people
on this list, put together one nice post that says, okay, if you have a
RAQ3/4/... to solve the slapper worm, the ssl, the
this-that-and-the-other-thing that were all done this week, do this ...
I am so confused right now, and I have followed these threads pretty
carefully on this and the developers list, but I'm not sure if the ssl and
slapper worm are one and the same; does the -x on gcc prevent all these
problems or does that solve something totally different, etc.
I just confused. And I assume I'm not the only one :)
Thanks for all the help that's been coming down - maybe I should apologize
for sending the original message about "do we need to worry about this -
CERT ...".
Jale