Re: Is my system compromised
On Saturday 04 February 2006 12:50, BTP wrote:
>I did as you mention by booting from a knoppix cd and try to check the
> hard drive partitions with chkrootkit. Chkrootkit however did not run
> in the same typical manner as it does when I invoke it from my Debian
> console: it complained about not being able to do everything it's
> supposed to, I can't remember the details.
>
>Also I gave a quick try to install some virus scanner from the Knoppix
>software install menu, but I lost my interest into figuring all that
> out and did not perform a virus scan.
>
>I did not find any specific instructions on google for dealing with
>compromised systems using knoppix, other than what I tried to do.
>
>Does anyone have any links or specific hints regarding this??
>
>Bart
>
chkrootkit is fussy about its $PATH's. I found that when I run it a
crontab entry, the path cron uses must be appended to include where
chkrootkit lives AND that I had to cd to that location else it couldn't
find the rest of its pieces, and complained in the manner you're
talking about.
>> I'd not run anything else from a hard drive I suspect is
>> compromised. Reboot with a liveCD and examine it from
>> there.
>>
>> Tony
>>
>>
>> --
>> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>> with a subject of "unsubscribe". Trouble? Contact
>> listmaster@lists.debian.org
--
Cheers, Gene
People having trouble with vz bouncing email to me should add the word
'online' between the 'verizon', and the dot which bypasses vz's
stupid bounce rules. I do use spamassassin too. :-)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
Reply to: