Re: [cobalt-users] Raq550 Chkroot Command results -HELP
- Subject: Re: [cobalt-users] Raq550 Chkroot Command results -HELP
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed Mar 19 05:58:00 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Wed, 19 Mar 2003, John D. Gorena wrote:
> I ran a checkroot and now I see this section changed
>
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0 is not promisc
> eth1 is not promisc
>
>
> What is it and how do I get rid of it?
>
Run chkrootkit multiple times, see if it repeats.
IIRC chkrootkit does something like;
takes a snapshot of processes,
and a process can end before chkrootkit finishes,
then it considers that there may be a hidden process.
Gerald
--
http://frontstreetnetworks.com | http://store.raqware.com
ICQ 229276628 | Phone: +1 203 785-0699
Front Street Networks LLC, 229 Front Street, Ste. #C,
New Haven, CT. 06513-3203 United States of America
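
Added example, not part of the original message and not chkrootkit's own code: a simplified illustration of the race described in the reply, which takes two process views a moment apart on each pass and keeps only the PIDs that are missing from the second view on every pass. The function names, the pass count and the delay are assumptions made for this sketch.

```python
import os
import subprocess
import time


def readdir_pids(proc_root="/proc"):
    """PIDs visible as numeric directory names under /proc (first view)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def ps_pids():
    """PIDs reported by the ps binary (second view, taken slightly later)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def persistent_missing(passes):
    """passes: list of (first_view, second_view) PID sets, one pair per pass.

    A PID present in the first view but absent from the second is a
    discrepancy for that pass. A process that simply exited between the
    two snapshots shows up in one pass only, so intersecting the per-pass
    discrepancies drops it. PID reuse between passes is not handled here.
    """
    per_pass = [first - second for first, second in passes]
    return set.intersection(*per_pass) if per_pass else set()


def sample(count=5, delay=2.0):
    """Collect `count` passes on the live system, `delay` seconds apart."""
    passes = []
    for i in range(count):
        first = readdir_pids()   # snapshot of processes
        second = ps_pids()       # a short-lived process may already be gone
        passes.append((first, second))
        if i < count - 1:
            time.sleep(delay)
    return passes


if __name__ == "__main__":
    suspects = persistent_missing(sample())
    if suspects:
        print("PIDs missing from ps on every pass:", sorted(suspects))
    else:
        print("No PID was missing on every pass; discrepancies were transient.")
```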