Re: rootkit Jessie?

To: debian-user-french@lists.debian.org
Subject: Re: rootkit Jessie?
From: Francois Boisson <user.anti-spam@maison.homelinux.net>
Date: Thu, 18 Sep 2014 14:28:00 +0200
Message-id: <[🔎] 20140918142800.e749da67850a2e03df7aa8d3@maison.homelinux.net>
In-reply-to: <[🔎] 541AA6CC.6030907@gmail.com>
References: <[🔎] 541AA6CC.6030907@gmail.com>

Le Thu, 18 Sep 2014 11:33:00 +0200
maderios <maderios@gmail.com> a écrit:

> Bonjour
> J'obtiens ceci après avoir lancé Chkrootkit
> Searching for Suckit rootkit...                             Warning: 
> /sbin/init INFECTED
> 
> /sbin/init est un lien symbolique
> -> /lib/systemd/systemd


suckit utilise des processus cachés. Essaye un truc genre

for i in $(seq 1 65536); do ls -l $i/cmdline; done 2> /dev/null | sed -e '1,$s|^.* \([0-9]*\)/cmdline$|ps -p \1 -o comm=|g' | sh

qui devrait ne pas afficher d'erreurs ou bien utilise mon paquet cacheproc ou un paquet
équivalent genre unhide.

François Boisson

Reply to:

Follow-Ups:
- Re: rootkit Jessie?
  - From: Francois Boisson <user.anti-spam@maison.homelinux.net>
- Re: rootkit Jessie?
  - From: maderios <maderios@gmail.com>

References:
- rootkit Jessie?
  - From: maderios <maderios@gmail.com>

Prev by Date: Re: rootkit Jessie?
Next by Date: Re: rootkit Jessie?
Previous by thread: Re: rootkit Jessie?
Next by thread: Re: rootkit Jessie?
Index(es):
- Date
- Thread