[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Detecting openssl Apache worm (slapper) automatically on your RaQs

Subject: Re: [cobalt-users] Detecting openssl Apache worm (slapper) automatically on your RaQs
From: "Andy Clyde, oxfordmusic.net" <andy.clyde@xxxxxxxxxxxxxxx>
Date: Fri Sep 20 03:11:45 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> --- "Michelle A. Hoyle" <mahlist@xxxxxxxxxxxxx> wrote:
> > The latest release of ChkRootKit (0.37) now detects
> > the Apache
> > OpenSSL worm (slapper) when run.  The latest version
> > is an easy
> > install on a RaQ.  Here's a set of instructions to
> > help you install
> > it, use it, and get it automated.
> >
> > Product Name: Chkrootkit-0.37
> > Web page: http://www.chkrootkit.org/
> > System Requirements: Intel-based RaQ boxes (3 & 4
> > for sure).
>
> I followed the instructions and ran chkroot with the
> following results on a RAQ2.  Please see the PASSWD
> entry.  Nothing else appears to be wrong.  What should
> I do now??
>
<snip>
> Checking `passwd'... INFECTED
</snip>

run it a couple more times to see if it's really a problem or just a false
positive (if a new process starts while chkrootkit is running it can cause
this).

andy

References:
- Re: [cobalt-users] Detecting openssl Apache worm (slapper) automatically on your RaQs
  - From: Harry

Prev by Date: [cobalt-users] How do you reboot a Cobalt 4 server from Telnet
Next by Date: [cobalt-users] list is down?
Previous by thread: [cobalt-users] spamshile
Next by thread: [cobalt-users] Raq3 OpenSSL Fix - Questions

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index