Re: check for root kit

To: debian-user@lists.debian.org
Subject: Re: check for root kit
From: Carlos Sousa <csousa@tvtel.pt>
Date: Fri, 19 Apr 2002 19:05:31 +0100
Message-id: <[🔎] 20020419190531.3a77b57e.csousa@tvtel.pt>
In-reply-to: <[🔎] 20020417050202.GA2329@dingoblue.net.au>
References: <[🔎] 20020423143105.GA5198@campbell-lange.net> <[🔎] 20020417050202.GA2329@dingoblue.net.au>

On Wed, 17 Apr 2002 15:02:02 +1000
tom_massey@dingoblue.net.au (Tom Massey) wrote:
> ...
> $ apt-cache show chkrootkit
> ...

That's a scary tool, if I ever saw one. I have it running once a day,
and it almost always reports a possible LKM "infection". Sometimes it
detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
I'm reasonably sure the machine is not compromised, I think the tool is
just a bit too zealous.

I keep it installed because it does all sorts of checks for other types
of compromises.

-- 
Carlos Sousa

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: check for root kit
  - From: Patrick Kirk <patrick@kirks.net>
- Re: check for root kit
  - From: Paul 'Baloo' Johnson <baloo@ursine.dyndns.org>

References:
- check for root kit
  - From: Rory Campbell-Lange <rory@campbell-lange.net>
- Re: check for root kit
  - From: tom_massey@dingoblue.net.au (Tom Massey)

Prev by Date: Re: kernel-headers-2.2.19pre17
Next by Date: Re: VNCserver goes into session not gdm
Previous by thread: Re: check for root kit
Next by thread: Re: check for root kit
Index(es):
- Date
- Thread