Re: [cobalt-users] chkrootkit
- Subject: Re: [cobalt-users] chkrootkit
- From: Bruce Timberlake <bruce@xxxxxxxxxx>
- Date: Mon Feb 24 13:49:01 2003
- Organization: BRTNet.org
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Is this bad to get this when running chkrootkit? :)
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0 is not promisc
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... Warning: Possible Slapper Worm installed
> Checking `z2'... user kvken deleted or never loged from lastlog!
> user mull deleted or never loged from lastlog!

I _just_ (at about noon PT) had a client with the same issue (LKM and
Slapper alerts). I looked in /tmp and purged some non-relevant files
that were kinda old. Reran chkrootkit and all was fine. Don't know
if the 'fix' was due to my file deletions or something else.
- --
Bruce Timberlake