Re: chkrootkit

To: debian-user@lists.debian.org
Subject: Re: chkrootkit
From: "s. keeling" <keeling@spots.ab.ca>
Date: Thu, 22 Jan 2004 11:01:25 -0700
Message-id: <[🔎] 20040122180125.GB29823@infidel.spots.ab.ca>
Mail-followup-to: debian-user@lists.debian.org
Reply-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 200401211837.10747@sandersweb.net>
References: <[🔎] 200401211837.10747@sandersweb.net>

Incoming from David Sanders:
> I just ran chkrootkit for the first time on a woody machine and got:
> 
> Checking `lkm'... You have     1 process hidden for ps command
> Warning: Possible LKM Trojan installed
> 
> Checking `sniffer'...
> PROMISC mode detected in one of these interfaces: eth0 sit0

I wish this was added to the Debian chkrootkit manpage (if it
exists?).  This is a FAQ, and you'll get far better answers on
chkrootkit from the chkrootkit-users list.  You can search their
archive at:

   http://marc.theaimsgroup.com/?l=chkrootkit-users

It's a very low volume, high S/N list.  If you use chkrootkit, you'd
be well advised to subscribe to it.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)               http://www.spots.ab.ca/~keeling 
- -

Reply to:

References:
- chkrootkit
  - From: David Sanders <debian@sandersweb.net>

Prev by Date: Re: Intel Pro Gigabit Ethernet drivers in Woody
Next by Date: Newbie Install Question
Previous by thread: Re: chkrootkit
Next by thread: ddt-client error " ld.so: Incorrectly built binary"
Index(es):
- Date
- Thread