[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] Raq550 Chkroot Command results -HELP
- Subject: Re: [cobalt-users] Raq550 Chkroot Command results -HELP
- From: "John D. Gorena" <Support@xxxxxxxxxxxxxxxxxxx>
- Date: Wed Mar 19 06:07:01 2003
- Organization: http://www.JMG-Enterprises.com
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Again, U DA Man!
Thanks,
John D. Gorena
Gerald Waugh wrote:
>
> On Wed, 19 Mar 2003, John D. Gorena wrote:
>
> > I ran a checkroot and now I see this section changed
> >
> > Checking `lkm'... You have 1 process hidden for readdir command
> > You have 1 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> > Checking `rexedcs'... not found
> > Checking `sniffer'...
> > eth0 is not promisc
> > eth1 is not promisc
> >
> >
> > What is it and how tdo I get rid of it.
> >
>
> Run chkrootkit multiple times, see if it repeats.
> IIRC chkrootkit does something like;
> takes a snapshot of processes,
> and a process can end before chkrootkit finishes,
> then it considers taht there may be a hidden process.
>
> Gerald
> --
> http://frontstreetnetworks.com | http://store.raqware.com
> ICQ 229276628 | Phone: +1 203 785-0699
> Front Street Networks LLC, 229 Front Street, Ste. #C,
> New Haven, CT. 06513-3203 United States of America
>
> _____________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To subscribe/unsubscribe, or to SEARCH THE ARCHIVES, go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
\\|// John D. Gorena, PC Services & Internet Marketing
\\\|/// http://www.JMG-Enterprises.com
\\ ~ ~ // Office: 972-315-5377
(\ @ @ /) John.Gorena@xxxxxxxxxxxxxxxxxxx
~~oOOo~(_)~oOOo~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~