[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] chkrootkit output show possible ambient

Subject: RE: [cobalt-users] chkrootkit output show possible ambient
From: "Steven Depuydt - BeNe.WS" <steven@xxxxxxx>
Date: Wed Nov 20 07:46:02 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

What is chkrootkit ?
Where can I download it ?
Does it work on a RAQ3i ?

Thanks,

Steven Depuydt
www.BeNe.WS 

-----Oorspronkelijk bericht-----
Van: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]Namens alan@
Verzonden: woensdag 20 november 2002 16:04
Aan: cobalt-users@xxxxxxxxxxxxxxx
Onderwerp: [cobalt-users] chkrootkit output show possible ambient


Hi all,

I have just installed the chkrootkit-0.37 tarball.

When I run it, netstat and traceroute come back as infected.
Would they be false positives ?

Also when its checking for Ambients rootkit, it says its possibly there,
then it says its looking for suspicious files, and then lists a mixture of
files. Does this mean yes or no, if the files appear in the list ?
Is suspicious, deadly ?
Here is the relevant section of the output from chkrootkit :

Searching for Ambient's rootkit (ark) default files and dirs... Possible
Ambient's rootkit (ark) installed
Searching for suspicious files and dirs, it may take a while...
/usr/lib/.ark?
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packlist
/usr/lib/perl5/5.00503/i386-linux/.packlist


TIA

Alan


_____________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.419 / Virus Database: 235 - Release Date: 13/11/2002

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.419 / Virus Database: 235 - Release Date: 13/11/2002

Follow-Ups:
- RE: [cobalt-users] chkrootkit output show possible ambient
  - From: Gerald Waugh

References:
- [cobalt-users] chkrootkit output show possible ambient
  - From: alan@

Prev by Date: RE: [cobalt-users] raq3 - php default upload path
Next by Date: Re: [cobalt-users] chkrootkit output show possible ambient
Previous by thread: Re: [cobalt-users] chkrootkit output show possible ambient
Next by thread: RE: [cobalt-users] chkrootkit output show possible ambient

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index