Test with Chkrootkit
Norman Nunn
npnunn at swbell.net
Sun Jul 25 17:04:48 UTC 2004
Scot
I checked my ls version versus your info and it matches. Thanks for
your response. I relearned a couple of other important lessons here.
1. Check other maillist for leads, and
2. Check the program developer's site for the latest stable release and
notes on its use or limitations
3. Keep these security and virus programs uptodate!
I assume that since the chkrootkit-0.43 gave no indication of warnings
or infections, that my system is ok. But you know what they say about
the word assume.
Norm
On Sun, 2004-07-25 at 09:14, Scot L. Harris wrote:
> On Sun, 2004-07-25 at 11:52, Norman Nunn wrote:
> > I got the following indicators:
> >
> Of more concern is the ls INFECTED output in your partial report.
> See if you can get a good copy of ls and compare the byte size, md5sum
> and permissions on it. Below is what my system reports.
>
> -rwxr-xr-x 1 root root 80688 May 4 12:26 /bin/ls
>
> md5sum /bin/ls
> d319011a3eb49338fe333753b0cfd7bc /bin/ls
>
> You need to track that down asap to figure out what that is.
>
> It has been awhile but I ran through the exercise to examine what
> processes were hidden. I want to say it was the ones in []'s when you
> do a ps -eaf but I don't know if I remember that correctly.
>
> I am sure someone here will set me straight on this. :)
>
> --
> Scot L. Harris
> webid at cfl.rr.com
>
> Advancement in position.
>
More information about the fedora-list
mailing list