[cobalt-users] chkrootkit output show possible ambient
- Subject: [cobalt-users] chkrootkit output show possible ambient
- From: "alan@" <alan@xxxxxxxxx>
- Date: Wed Nov 20 07:05:45 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Hi all,
I have just installed the chkrootkit-0.37 tarball.
When I run it, netstat and traceroute come back as infected.
Would they be false positives?
Also when it's checking for Ambient's rootkit, it says it's possibly there,
then it says it's looking for suspicious files, and then lists a mixture of
files. Does this mean yes or no, if the files appear in the list?
Is suspicious, deadly?
Here is the relevant section of the output from chkrootkit:
Searching for Ambient's rootkit (ark) default files and dirs... Possible Ambient's rootkit (ark) installed
Searching for suspicious files and dirs, it may take a while...
/usr/lib/.ark?
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packlist
/usr/lib/perl5/5.00503/i386-linux/.packlist
TIA
Alan