[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: security



> Hi To All,
>
> I just installed chkrootkit on my machine and I got this results
>
> Checking `lkm'... You have     3 process hidden for ps command
> Searching for Romanian rootkit ...  /usr/include/file.h
> /usr/include/proc.h Searching for Showtee... Warning: Possible Showtee
> Rootkit installed Searching for t0rn's v8 defaults... Possible t0rn v8
> \(or variation\) rootkit installed Checking `pstree'... INFECTED
> Checking `login'... INFECTED
> Checking `ifconfig'... INFECTED
>
> How can I correct this? Pls advice.

Back up user data (config files too) and then format, re-install, change
all user names and password information (including root), and put up a
secure firewall and harden the system (including all servers) intensively.
Then go and check every other machine on the network, including accounting
systems or any system used for Internet transactions. You may want to
review all credit card transactions for the past few months in case they
trapped your keystrokes. The kiddie got in once, he/she will try again.

A good book is Hacking Linux Exposed, it will show you some of the
favorite attacks used by kiddies.

Do NOT mess around with this. There are no safe shortcuts, sorry.

-- 
Keith Mastin
BeechTree Information Technology Services Inc.
Toronto, Canada
(416)696 6070





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]