-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Saturday 31 January 2004 11:59 am, Togan Muftuoglu wrote:
* Togan Muftuoglu; <toganm@dinamizm.com> on 31 Jan, 2004 wrote:
disconnect the machine from the internet NOW. make a backup of your data files (no executables nor librarries) Make a fresh install update all the packages using YOU
Is this an issue or is chkroot being fooled by the newer version? I'm also curious about the "Checking `lkm'... You have 5 process hidden for ps command" result. Whats up with that?
You have been r00ted :-(
Actually it would be a better idea to give a reference point so learning also takes place
http://www.cert.org/tech_tips/win-UNIX-system_compromise.html
Thanks for the link, I'll start reading. I'm curious though if checkroot couldn't be confused by a newer version of a command. As for the "5 process hidden for ps", is there a way for me to find out what these proscesses are? As further investigation I installed the previous rpm (ps-2003.9.20-6.i586.rpm) from SuSE and then ran checkroot again, this time no errors were reported. Then reinstalled the rpm from the apt repository and the errors appear again. I know this doesn't mean that I haven't been rooted but it really points a finger at the ps_2003.11.17-18_i586.rpm from ftp://ftp.gwdg.de/pub/linux/suse/apt/SuSE/9.0-i386/RPMS.suse-people (the apt archive) If so anyone using apt for their upgrades should be concerned about this. I'd appreciate it if anyone else who has installed that rpm could confirm my findings. I eagerly await your replies:-) - -- dh Don't shop at GoogleGear.com! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAHD/GBwgxlylUsJARAnikAJwLyt5NlD98oQjPQmMwJ9AUcqJEDgCfeid3 ockr/c446SO+XneADDGhzn0= =XvOJ -----END PGP SIGNATURE-----