Re: /bin/login listening?

[Douglas Allan Tutty <dtutty@porchlight.ca>]

On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote:
> On 2007-07-29, Jeff D <fixedored@gmail.com> wrote:
 
> I ran rkhunter again, and then for good measure I aptitude --purged
> it, reinstalled, and ran again. And then I thought maybe the whole
> thing was compromised, so I purged it again, installed rkhunter 1.30
> from sourceforge, and ran again. And I also ran chkrootkit. In all
> cases they showed nothing happening, except for warning me that some
> of my /bin executables had been replaced by scripts -- stuff like
> egrep, fgrep etc.
> 
> So perhaps it was just a false positive. I'm going to read up on
> security stuff now, so maybe I'll have some idea how to proceed the
> next time.
> 

Its tricky.  If you have been rooted, you can't trust anything on the
system, including aptitude.  As for reading, try the package harden-doc.

Good luck.

Doug.