Re: [suse-security] chkrootkit vs. 9.1 professional?
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-) Dave.
On Tuesday 17 August 2004 14:18, Dave Lists wrote:
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-)
Seems there is none. But the alternative is:
http://babelfish.altavista.com/babelfish/tr?lp=de_en&url=http%3A//portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Be careful, this is a long URL, it may be wrapped into several lines.
Thanks to Konqueror ;)
Cheers,
Leen
On Tuesday 17 Aug 2004 13:46, Leendert Meyer wrote:
On Tuesday 17 August 2004 14:18, Dave Lists wrote:
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-)
Seems there is none. But the alternative is:
Be careful, this is a long URL, it may be wrapped into several lines.
Thanks to Konqueror ;)
Cheers,
Leen
Just a quick one ...
Both of those URLs fail with 404 failures not there ..
--
Linux user No: 256242 Machine No: 139931 G6NJR Pete also MSA registered "Quinton 11" A Linux Only area Happy bug hunting M$ clan PGN
On Tuesday 17 August 2004 16:51, peter Nikolic wrote:
On Tuesday 17 Aug 2004 13:46, Leendert Meyer wrote:
On Tuesday 17 August 2004 14:18, Dave Lists wrote:
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-)
Seems there is none. But the alternative is:
http://babelfish.altavista.com/babelfish/tr?lp=de_en&url=http%3A//portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Be careful, this is a long URL, it may be wrapped into several lines.
Thanks to Konqueror ;)
Cheers,
Leen
Just a quick one ...
Go to SuSE's Support Database, make sure the German language is selected, search for 'infected'.
I found this:
http://portal.suse.com/sdb/de/2004/08/pohletz_chkroot_infected_progs.html
Use Konqueror to translate the page (Tools menu).
Cheers,
Leen
On Tuesday 17 Aug 2004 17:02, Leendert Meyer wrote:
On Tuesday 17 August 2004 16:51, peter Nikolic wrote:
On Tuesday 17 Aug 2004 13:46, Leendert Meyer wrote:
On Tuesday 17 August 2004 14:18, Dave Lists wrote:
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-)
Seems there is none. But the alternative is:
http://babelfish.altavista.com/babelfish/tr?lp=de_en&url=http%3A//portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Be careful, this is a long URL, it may be wrapped into several lines.
Thanks to Konqueror ;)
Cheers,
Leen
Just a quick one ...
Go to SuSE's Support Database, make sure the German language is selected, search for 'infected'.
I found this:
http://portal.suse.com/sdb/de/2004/08/pohletz_chkroot_infected_progs.html
Use Konqueror to translate the page (Tools menu).
Cheers,
Leen
Well about typical of Konqueror it don't want to know
Still get the right URL and good old Mozilla 1.8a2 behaves right .
Pete .
--
Linux user No: 256242 Machine No: 139931 G6NJR Pete also MSA registered "Quinton 11" A Linux Only area Happy bug hunting M$ clan PGN
On Wednesday 18 August 2004 00:27, peter Nikolic wrote:
On Tuesday 17 Aug 2004 17:02, Leendert Meyer wrote:
On Tuesday 17 August 2004 16:51, peter Nikolic wrote:
On Tuesday 17 Aug 2004 13:46, Leendert Meyer wrote:
On Tuesday 17 August 2004 14:18, Dave Lists wrote:
using the text I've written. It is available at:
http://portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Is there an English version of this? :-)
Seems there is none. But the alternative is:
http://babelfish.altavista.com/babelfish/tr?lp=de_en&url=http%3A//portal.suse.com/sdb/de/2004/08/pohletz_chroot_infected_progs.html
Be careful, this is a long URL, it may be wrapped into several lines.
Thanks to Konqueror ;)
Cheers,
Leen
Just a quick one ...
Go to SuSE's Support Database, make sure the German language is selected, search for 'infected'.
I found this:
http://portal.suse.com/sdb/de/2004/08/pohletz_chkroot_infected_progs.html
Use Konqueror to translate the page (Tools menu).
Cheers,
Leen
Well about typical of Konqueror it don't want to know
Still get the right URL and good old Mozilla 1.8a2 behaves right .
Pete .
-- Linux user No: 256242 Machine No: 139931 G6NJR Pete also MSA registered "Quinton 11" A Linux Only area Happy bug hunting M$ clan PGN
http://www.chkrootkit.org/ is the place to look, chkrootkit 0.43. It works here with 9.1.
Mike
* Michael Ayers
http://www.chkrootkit.org/ is the place to look, chkrootkit 0.43. It works here with 9.1.
but was last updated 27 Dec 03
there is rkhunter available at http://www.rootkit.nl and an rpm noarch available http://wahoo.no-ip.org/~pat/rkhunter-1.1.5-1.ps.noarch.rpm that was built 11 Aug 04.
--
Patrick Shanahan
Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711
Photo Album: http://wahoo.no-ip.org/photos
On Wednesday 18 August 2004 02:31, Patrick Shanahan wrote:
* Michael Ayers [08-17-04 18:07]:
... much snipped ...
http://www.chkrootkit.org/ is the place to look, chkrootkit 0.43. It works here with 9.1.
but was last updated 27 Dec 03
there is rkhunter available at http://www.rootkit.nl and an rpm noarch available http://wahoo.no-ip.org/~pat/rkhunter-1.1.5-1.ps.noarch.rpm that was built 11 Aug 04.
Note that all these rootkit hunters are ultimately a very poor protection. It's a "quick fix" for people who don't want to do the whole thing with tripwire or similar solutions.
Also note that if you're going to trust rootkit hunters, having them installed on the system you're going to be monitoring is a very bad idea. If they are to be used at all, they should be kept on secondary storage, like a CD, and run from there when you check the system.
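An added example, not part of the original thread: a minimal file-integrity baseline in the spirit of the "tripwire or similar solutions" mentioned above, reporting files modified, added or removed since a recorded snapshot. The function names and the JSON manifest format are assumptions made for illustration; the baseline file is assumed to be kept on read-only media and the comparison run from a trusted environment.

```python
import hashlib
import json
import os
import stat


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map each regular file under root to [sha256, permission bits, size]."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            rel = os.path.relpath(path, root)
            # 0o7777 keeps setuid/setgid/sticky bits, so a new setuid bit shows up
            manifest[rel] = [sha256_file(path), st.st_mode & 0o7777, st.st_size]
    return manifest


def save_baseline(root, baseline_path):
    """Record the manifest; baseline_path is assumed to be moved off-host."""
    with open(baseline_path, "w") as f:
        json.dump(snapshot(root), f, indent=1, sort_keys=True)


def compare(root, baseline_path):
    """Return the files that differ between root and the stored baseline."""
    with open(baseline_path) as f:
        old = json.load(f)
    new = snapshot(root)
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
    }
```

A content change of identical size is still reported, because the comparison is on the hash and permission bits and not on size or timestamps.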
On Tuesday 17 August 2004 4:06 pm, Michael Ayers wrote:
http://www.chkrootkit.org/ is the place to look, chkrootkit 0.43. It works here with 9.1.
Mike
I don't think so....
helphand:/home/helphand/chkrootkit-0.43 # ./chkrootkit -q
Checking `find'... INFECTED
Checking `top'... INFECTED
You have 7 process hidden for readdir command
You have 7 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PF_PACKET(/sbin/dhcpcd)
helphand:/home/helphand/chkrootkit-0.43 #
The problem is still there.
Scott
--
POPFile, the OpenSource EMail Classifier
http://popfile.sourceforge.net/
Linux 2.6.5-7.104-default x86_64
On Wednesday 18 August 2004 04:05, Scott Leighton wrote:
I don't think so....
helphand:/home/helphand/chkrootkit-0.43 # ./chkrootkit -q
Checking `find'... INFECTED
Checking `top'... INFECTED
You have 7 process hidden for readdir command
You have 7 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PF_PACKET(/sbin/dhcpcd)
helphand:/home/helphand/chkrootkit-0.43 #
The problem is still there.
Scott
Sorry, you are right, I just checked again (was late last night) and I too have `find´ and `top´ infected but no other warnings etc.
Mike
There was a typo, these are the correct links:
http://portal.suse.com/sdb/de/2004/08/pohletz_chkroot_infected_progs.html
http://babelfish.altavista.com/babelfish/tr?lp=de_en&url=http%3A//portal.suse.com/sdb/de/2004/08/pohletz_chkroot_infected_progs.html
--
Rafael
participants (8)
- Anders Johansson
- Dave Lists
- Leendert Meyer
- Patrick Shanahan
- peter Nikolic
- Rafael E. Herrera
- Scott Leighton
- twopinkblobs@t-online.de