Re: check for root kit
On Wed, 17 Apr 2002 15:02:02 +1000
tom_massey@dingoblue.net.au (Tom Massey) wrote:
> ...
> $ apt-cache show chkrootkit
> ...
That's a scary tool, if I ever saw one. I have it running once a day,
and it almost always reports a possible LKM "infection". Sometimes it
detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
I'm reasonably sure the machine is not compromised; I think the tool is
just a bit too zealous.
I keep it installed because it does all sorts of checks for other types
of compromises.
--
Carlos Sousa