On Wed, 03.12.2003 at 10:03, Vanh Phom wrote:
> Hi folk,
> After reading a report of servers compromised, just for curiosity I
> ran chkrootkit on my own machine and came up with this result:
>
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have 12 process hidden for readdir command
> You have 12 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0: PROMISC
>
> Is my machine compromised? How to fix this?

Did you read /usr/share/doc/chkrootkit/README.Debian ? No you didn't.

noflushd:
A running noflushd and a 2.2 kernel may cause chkrootkit to warn about the presence of lkm.
On 2.4.20: noflushd may trigger lkm warnings as well.
--paolo

lkm:
In general, any process starting at around same time as lkm test may trigger a warning. Just try
while true;do chkrootkit lkm;sleep 1;done
during normal system use. See also FAQ 6 on www.chkrootkit.org
-- paolo

> Vanh

joerg
--
Give GATES no chance!