in my sid installation the synaptics logon screen asking for root
password started warning about "could not grab keyboard, malicious
agent". Chkrootkit gave a "bindshell on port 1630" warning.
The warning was only generated when the adsl connection is on.
Can this be somebody('s bot) trying over adsl?
I have a hardware router/switch (sweex) with rather primitive firewall.
Not very clear what it does.
Connection is ptpp/vpn with fixed ip#.
Made a new partition, installed new sid with serious password, installed
bastille, planning to mount the existing partition for /home (reusing
existing /home and perhaps some /etc files). Is this safe?
This is my experimental machine, no real harm.
A different sarge machine chrootkits as "4 hidden processes, possible
LKM trojan", I bastilled this machine too. Google seemed to indicate
this may not be serious, it is a P4 with multiple threading (not enabled
I think). Now I feel less secure.
My woody server (66 MHz) and a sarge (355 MHz) laptop have no chkrootkit
warnings (too slow for a hacker?).
Any other packages recommended for battening down the hatches?