On Friday 31 March 2006 12:00, Daniel Bauer wrote:
I installed chkrootkit, but I never used it till now. Yast says:
"However, it is always recommended that this program be used from a rescue system or a system with a similar purpose."
So, will it damage something, when I run it, or what else is this sentence trying to tell me? Must I make a "rescue system" to use it, and if, how? You see, those are the issues that people coming form such a primitive system like W simply don't get a grip on so easily...
If your system is compromised, you can not trust it anymore. No parts of the software should be trusted. e.g: Your /bin/ls could have been changed to never show the malicious software. Your /bin/ps could have been changed to never show malicious processes. The list goes on... If you boot up from a fresh readonly medium as a CDROM than you start with an "uncompromised " system. And you can trust the output of rpm, lsof, netstat, ls and friends. Only then you can see if the MD5 signatures from the rpm's match your binaries. j -- Jonas Helgi Palsson "Microsoft is not the answer. Microsoft is the question. NO is the answer." -Erik Naggum