[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Chkrootkit Scan



On Mon, Sep 13, 2004 at 08:44:40AM +0100, Richard Ibbotson wrote:
> Hi
> 
> After updating my SuSE 9.1 workstation the other day and downloading 
> chkrootkit-0.40 and compiling it I ran a scan with this useful utility 
> program and found...
> 
> Searching for Romanian rootkit ... nothing found
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have    12 process hidden for readdir command
> You have    12 process hidden for ps command
> >>> Warning: Possible LKM Trojan installed <<<
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0 is not promisc
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... not infected
> 
> 
> Anything I can do to investigate this further ?  My workstation is 
> plugged into my domestic network which in turn connects to the net 
> through an ISDN router/BSD firewall.  The SuSEFireall is running on my 
> workstation as an added precaution although it's probably not doing much 
> for me in the way of protection.

Please upgrade to chkrootkit 0.44, available from www.chkrootkit.org

Ciao, Marcus

Attachment: pgpgDwjXMJblB.pgp
Description: PGP signature