Mailinglist Archive: opensuse-security (332 mails)

Chkrootkit Scan
  • From: Richard Ibbotson <richard@xxxxxxxxxxxxx>
  • Date: Mon, 13 Sep 2004 08:44:40 +0100 (BST)
  • Message-id: <Pine.LNX.4.58.0409130837370.10607@xxxxxxxxxxxxxxxxxxx>
Hi

After updating my SuSE 9.1 workstation the other day and downloading
chkrootkit-0.40 and compiling it I ran a scan with this useful utility
program and found...

Searching for Romanian rootkit ... nothing found
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have 12 process hidden for readdir command
You have 12 process hidden for ps command
>>> Warning: Possible LKM Trojan installed <<<
Checking `rexedcs'... not found
Checking `sniffer'...
eth0 is not promisc
Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected


Anything I can do to investigate this further? My workstation is
plugged into my domestic network which in turn connects to the net
through an ISDN router/BSD firewall. The SuSEfirewall is running on my
workstation as an added precaution although it's probably not doing much
for me in the way of protection.

I'm supposing that this has arrived with some e-mail. Although, Amavis
is installed and running.

Regards

Richard

www.sheflug.co.uk
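
One way to follow up on the `lkm' lines in the scan above, as an added example that is not part of the original post and is not chkrootkit's own code: chkrootkit's process check compares the PIDs that readdir and ps report against PIDs it can reach directly under /proc. The script below repeats the readdir half of that comparison and separates unlisted entries that are threads of a visible process (their Tgid in /proc/<n>/status is a listed PID) from entries with no visible owner. The function names are hypothetical, and it assumes a kernel where threads are reachable as /proc/<tid> without appearing in a listing of /proc.

```python
#!/usr/bin/env python3
"""Cross-check PIDs missing from a /proc listing (added example)."""
import os


def parse_status(text):
    """Return (tgid, pid) from the text of /proc/<n>/status."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    return int(fields["Tgid"]), int(fields["Pid"])


def classify(listed, probe, max_pid):
    """Split unlisted-but-reachable PIDs into threads and unexplained.

    listed  -- set of PIDs that readdir on /proc returned
    probe   -- callable: pid -> status text, or None if not reachable
    Returns ({tid: owning_tgid}, [pids with no listed owner]).
    """
    threads, unexplained = {}, []
    for pid in range(1, max_pid + 1):
        if pid in listed:
            continue
        text = probe(pid)
        if text is None:
            continue                      # nothing there at all
        tgid, _ = parse_status(text)
        if tgid != pid and tgid in listed:
            threads[pid] = tgid           # thread of a visible process
        else:
            unexplained.append(pid)       # needs a closer look
    return threads, unexplained


def live_probe(pid, root="/proc"):
    """Read /proc/<pid>/status directly, bypassing the directory listing."""
    try:
        with open(f"{root}/{pid}/status") as fh:
            return fh.read()
    except OSError:
        return None


if __name__ == "__main__":
    listed = {int(n) for n in os.listdir("/proc") if n.isdigit()}
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    threads, unexplained = classify(listed, live_probe, max_pid)
    print(f"{len(threads)} unlisted entries are threads of listed processes")
    # A process that starts or exits mid-scan can land here; re-run to confirm.
    for pid in unexplained:
        print(f"PID {pid}: reachable, not listed, no listed thread group")
```

The script reads everything through the running kernel, so an empty "unexplained" list is only as trustworthy as that kernel; a persistent entry there is the part worth examining from known-good boot media.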
