Re: Re[2]: Chkrootkit
It may be slightly unpure, but what's wrong with:
chkrootkit -q | grep -vE '(eth[0-9]+:*[0-9]* *is not
promisc)'
That would at least avoid triggering the mail from the
cron job.
Regards,
Josh
--- Kay-Michael Voit <kay@voits.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: MD5
>
> DCE> for (1) I guess you can put the binaries in a
> read-only medium and run
> DCE> them from there, like a CD-ROM or a
> write-protected floppy/flash-medium.
> Well, the attacker could just stop the cronjob...
> but great idea
> though.
> My server is a remote rootserver, so this no
> solution for me...
>
> DCE> I am not sure I got what you mean in (2)
> I mean that the quiet output is not quiet. I would
> exspect that there
> is only output if there a problem, but it still says
> that eth0 is in
> promisc mode.
> If I understand promisc mode, this is not a problem,
> so I can't fix
> it, so there will always be output (which I dont
> want, because cron
> sends a mail then)
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6
>
>
iQEVAwUAPqgflp9LInC1Fu5pAQG9kQf8DZUnDsiMYsTKFIiHOpo6G2i8k0p+jUn/
>
j87PCCzTZZhRzoAyXMVrpD1dx9LP96uLOENorDDj0U4wvsjbYx1Q0wg1GQivSd9T
>
Uwaq2ZZNLw4QlIOV9sZ7Obn3JfQmPH88ofeqlIk21p+XZbitoeEK7d16wU6EDD8v
>
KhqA8aL9EwL+2dB7/Aj/PpYcrwD7beA3hfjQ6PgZLhW7o0gyfrl4mv7InrrmSAuc
>
eCSCWFKEnzIDzRbfcZo7Bz6aptwd3FqmWcLL9655LQQ1k5JzI1oeflR1PPjGocZE
>
yxXijaDOjrjFDy9La418s5IkwoN0GyusaWopW/hrfI/16KPFTVKdtQ==
> =aqwa
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to
> debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
Reply to: