Re: check for root kit
On Fri, Apr 19, 2002 at 07:05:31PM +0100, Carlos Sousa wrote:
>On Wed, 17 Apr 2002 15:02:02 +1000
>tom_massey@dingoblue.net.au (Tom Massey) wrote:
>> ...
>> $ apt-cache show chkrootkit
>> ...
>
>That's a scary tool, if I ever saw one. I have it running once a day,
>and it almost always reports a possible LKM "infection". Sometimes it
>detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
>I'm reasonably sure the machine is not compromised, I think the tool is
>just a bit too zealous.
>
Just google the warning and the port number. It does spit out false
warnings, but always the same ones for the same reasons. Only worry
about "new" ones.
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: