Mailinglist Archive: opensuse (3863 mails)
| < Previous | Next > |
Re: [SLE] chkroot claims top infected
- From: Richard Bos <radoeka@xxxxxxxxx>
- Date: Sun, 1 Feb 2004 20:25:37 +0100
- Message-id: <200402012025.38328.radoeka@xxxxxxxxx>
Op zondag 1 februari 2004 07:10, schreef Anders Johansson:
> On Sunday 01 February 2004 06.25, David Herman wrote:
> > Continuing my investigation I booted up my test machine w/ SuSE 9.0
> > ran checkrootkit and it showed all clean. Then I used synaptic and
> > updated ps (ps_2003.11.17-18_i586.rpm) and nothing else
> > then I ran chkroot again and the errors are there.
>
> chkrootkit is reacting to the string /prof in top. That string isn't in the
> src.rpm, but it is in the binary. That alone is very suspicious. It does
> look like kraxel's binaries are infected. I wonder what other niceties are
> in the binaries in the apt repo
chkrootkit :)
so you can;
apt -y install chkrootkit
--
Richard Bos
Without a home the journey is endless
> On Sunday 01 February 2004 06.25, David Herman wrote:
> > Continuing my investigation I booted up my test machine w/ SuSE 9.0
> > ran checkrootkit and it showed all clean. Then I used synaptic and
> > updated ps (ps_2003.11.17-18_i586.rpm) and nothing else
> > then I ran chkroot again and the errors are there.
>
> chkrootkit is reacting to the string /prof in top. That string isn't in the
> src.rpm, but it is in the binary. That alone is very suspicious. It does
> look like kraxel's binaries are infected. I wonder what other niceties are
> in the binaries in the apt repo
chkrootkit :)
so you can;
apt -y install chkrootkit
--
Richard Bos
Without a home the journey is endless
| < Previous | Next > |