Re: check for root kit

To: Carlos Sousa <csousa@tvtel.pt>
Cc: debian-user@lists.debian.org
Subject: Re: check for root kit
From: Patrick Kirk <patrick@kirks.net>
Date: Fri, 19 Apr 2002 19:50:44 +0100
Message-id: <[🔎] 20020419185044.GA19860@enterprise.kirks.net>
In-reply-to: <[🔎] 20020419190531.3a77b57e.csousa@tvtel.pt>
References: <[🔎] 20020423143105.GA5198@campbell-lange.net> <[🔎] 20020417050202.GA2329@dingoblue.net.au> <[🔎] 20020419190531.3a77b57e.csousa@tvtel.pt>

On Fri, Apr 19, 2002 at 07:05:31PM +0100, Carlos Sousa wrote:
>On Wed, 17 Apr 2002 15:02:02 +1000
>tom_massey@dingoblue.net.au (Tom Massey) wrote:
>> ...
>> $ apt-cache show chkrootkit
>> ...
>
>That's a scary tool, if I ever saw one. I have it running once a day,
>and it almost always reports a possible LKM "infection". Sometimes it
>detects 1 process hidden from ps, sometimes 3 processes, sometimes none.
>I'm reasonably sure the machine is not compromised, I think the tool is
>just a bit too zealous.
>
Just google the warning and the port number.  It does spit out false
warnings, but always the same ones for the same reasons.  Only worry
about "new" ones.


-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- check for root kit
  - From: Rory Campbell-Lange <rory@campbell-lange.net>
- Re: check for root kit
  - From: tom_massey@dingoblue.net.au (Tom Massey)
- Re: check for root kit
  - From: Carlos Sousa <csousa@tvtel.pt>

Prev by Date: make-kpkg continued
Next by Date: Re: tcpdump: traffic connecting to another machine
Previous by thread: Re: check for root kit
Next by thread: Re: check for root kit
Index(es):
- Date
- Thread