[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] chkrootkit

Subject: RE: [cobalt-users] chkrootkit
From: "Ryan Howe" <ryan@xxxxxxxxxx>
Date: Tue Feb 25 06:49:00 2003
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Bruce Timberlake
Sent: Monday, February 24, 2003 9:03 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] chkrootkit

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Yes I did.  But then I did delete some of the files in /tmp and
> that cleared the LKM messages about hidden processes.  I thought
> slapper only infected MS database products? Any suggestions?

Slapper is the Apache-SSL worm...

You're thinking of the recent SlaMMer (aka Sapphire) worm... :)

- --
Bruce Timberlake

Well I ran chkrootkit again this morning and recieved all the original
warnings again so deleteting the tmp files is not doing the trick.  Is it
best to just dump the box and start over with it?  I'm not sure how we can
do this, it is a radius,mail,web server for about 1900 customers.  I'm not
sure how we can bring it down even for 5 minutes let alone a OS restore and
setup the sites again.  I can hear the phone lines ringing already :(

Follow-Ups:
- RE: [cobalt-users] chkrootkit
  - From: David Lucas

References:
- Re: [cobalt-users] chkrootkit
  - From: Bruce Timberlake

Prev by Date: Re: [cobalt-users] PTR Dns config on RAQ 550
Next by Date: RE: [cobalt-users] chkrootkit
Previous by thread: Re: [cobalt-users] chkrootkit
Next by thread: RE: [cobalt-users] chkrootkit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index