Re: My server catched a rootkit?

To: debian-user@lists.debian.org
Subject: Re: My server catched a rootkit?
From: Brian <ad44@cityscape.co.uk>
Date: Sat, 27 Nov 2010 20:38:53 +0000
Message-id: <[🔎] 20101127203853.GM20623@desktop>
In-reply-to: <[🔎] 4CF00211.6090201@gmail.com>
References: <[🔎] 4CF00211.6090201@gmail.com>

On Fri 26 Nov 2010 at 18:53:05 +0000, James Brown wrote:

> I have received the next messages from crondaemon:
> /etc/cron.daily/rkhunter:
> Internal error!
> Internal error!

[snip]

> Is it a rootkit or other error? What I need to do - remove infected
> files, reinstall the above packeges or give an order to my
> vds-provider for reinstalling my server at all?!

Your course of action will depend on the confidence you place in
rkhunter. Mine is zero, but if your reading of its reports is convincing
and you think it tells you anything important about your system your
only option is to reinstall. Not because there is anything untoward
about the server but because you you have entered a state of insecurity.
If chkrootkit was installed after your problems appeared its logs are
valueless. 

Then you could ask yourself: there are over 1,000 million computers on
the internet; why me?

Reply to:

Follow-Ups:
- Re: My server catched a rootkit?
  - From: Brad Alexander <storm16@gmail.com>

References:
- My server catched a rootkit?
  - From: James Brown <jbrownfirst@gmail.com>

Prev by Date: Re: How to get Bell Canada 3G USB network up?
Next by Date: Re: VLC player doesn't playback correctly
Previous by thread: Re: My server catched a rootkit?
Next by thread: Re: My server catched a rootkit?
Index(es):
- Date
- Thread