Re: My machine compromised?
From: Joerg Johannes (liste_joerg_at_gmx.de)
Date: 12/03/03
- Previous message: Vanh Phom: "My machine compromised?"
- In reply to: Vanh Phom: "My machine compromised?"
- Next in thread: Tim Ruehsen: "Re: My machine compromised?"
To: debian-user@lists.debian.org
Date: Wed, 03 Dec 2003 10:32:31 +0100
On Wed, 03.12.2003 at 10:03, Vanh Phom wrote:
> Hi folk,
> After reading on report of servers compromised. Just for curiosity I
> run chkrootkit on my own machine and come up with this result:
>
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have 12 process hidden for readdir command
> You have 12 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0: PROMISC
>
> Is my machine compromised? How to fix this?
Did you read /usr/share/doc/chkrootkit/README.Debian? No, you didn't.
noflushd: A running noflushd and a 2.2 kernel may cause chkrootkit to warn
about the presence of lkm.
On 2.4.20: noflushd may trigger lkm warnings as well. --paolo
lkm: In general, any process starting at around same time as lkm test may
trigger a warning. Just try
while true;do chkrootkit lkm;sleep 1;done
during normal system use. See also FAQ 6 on www.chkrootkit.org --paolo
> Vanh
joerg
-- Don't give GATES a chance!
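The repeated-run check from the README excerpt above, as an added example that is not part of the original message or of chkrootkit: it runs `chkrootkit lkm` several times and reports whether the hidden-process warning comes and goes (the start-up race the README describes) or shows up on every run. The function names, the sample strings and the three labels are assumptions made for this sketch, and "persistent" only means the race explanation alone does not cover the result.

```shell
#!/bin/sh
# Added example (not from the original post): sample chkrootkit's lkm test repeatedly.

# Read chkrootkit output on stdin; print the largest "N process hidden" count (0 if none).
hidden_count() {
    awk '/process(es)? hidden for/ {
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^[0-9]+$/ && $i + 0 > max) max = $i + 0
         }
         END { print max + 0 }'
}

# Given one count per run as arguments, print clean / transient / persistent.
# Heuristic labels (assumption): transient = warning appears only on some runs.
classify_runs() {
    zero=0; nonzero=0
    for n in "$@"; do
        if [ "$n" -eq 0 ]; then zero=$((zero + 1)); else nonzero=$((nonzero + 1)); fi
    done
    if [ "$nonzero" -eq 0 ]; then echo clean
    elif [ "$zero" -gt 0 ]; then echo transient
    else echo persistent
    fi
}

# Run the test $1 times, $2 seconds apart (needs root and chkrootkit installed).
sample_lkm() {
    runs=${1:-10}; delay=${2:-1}; counts=""
    i=0
    while [ "$i" -lt "$runs" ]; do
        counts="$counts $(chkrootkit lkm 2>/dev/null | hidden_count)"
        i=$((i + 1))
        sleep "$delay"
    done
    echo "counts:$counts"
    # Word splitting of $counts is intended: one argument per run.
    classify_runs $counts
}

# Constructed samples: the lkm lines from the report quoted above, and a quiet run.
SAMPLE_WARN="Checking \`lkm'... You have 12 process hidden for readdir command
You have 12 process hidden for ps command
Warning: Possible LKM Trojan installed"
SAMPLE_OK="Checking \`lkm'... nothing detected"
```

Call `sample_lkm 20 1` as root during normal system use to collect twenty samples one second apart.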