SV: [cobalt-security] Running Rootkit and the result
- Subject: SV: [cobalt-security] Running Rootkit and the result
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Sun, 1 Jul 2001 01:19:51 +0200
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Me too. I got almost similar files, but a few more:
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.00503/i386-linux/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Msql-Mysql-modules/.packlist
Is this something to worry about?
(done one server, 2 more to go, crossing fingers)
Kai Schantz
Euroweb As
Norway
Last night I ran chkrootkit-0.33 for the first time after the hints Bill
Irwin gave.
>One of
>the best things you can do is grab the chkrootkit.tar.gz file
>ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz and check your
>system out.
>tar -xvzf chkrootkit.tar.gz
>cd into the directory
>chmod 755 chkrootkit
>./chkrootkit and let it run.
There was one result making me suspicious; can someone please clarify the
rules below:
Searching for Ambient's rootkit (ark) default files and dirs... Nothing found
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/5.00503/i386-linux/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
The rest of the result came out as nothing found or Not vulnerable. Only the
lines above I don't really understand.
Please help me out!
Robbert
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
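
A triage check for the `.packlist` hits both posters ask about, as an added example that is not part of the original messages or of chkrootkit. It assumes (not stated in the thread) that a genuine Perl `.packlist` is a plain-text manifest of absolute paths written when a module is installed; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumption: a genuine Perl .packlist is a
# plain-text install manifest, one absolute path per line, optionally followed
# by key=value attributes.

# Print "ok" or "review: <reason>" for one path flagged by chkrootkit.
triage_packlist() {
    f=$1
    if [ -L "$f" ]; then echo "review: symlink"
    elif [ ! -f "$f" ]; then echo "review: not a regular file"
    elif [ ! -s "$f" ]; then echo "review: empty file"
    elif [ -x "$f" ] || [ -u "$f" ] || [ -g "$f" ]; then
        echo "review: executable or setuid/setgid"
    elif [ "$(LC_ALL=C tr -d '[:print:][:space:]' <"$f" | wc -c)" -gt 0 ]; then
        echo "review: contains non-text bytes"
    elif grep -q '^[^/]' "$f"; then
        echo "review: line that is not an absolute path"
    else echo "ok"
    fi
}

# Read chkrootkit output on stdin; paths may share a line, so split on blanks
# (paths containing spaces are not handled). Emits "<path><TAB><verdict>".
triage_report() {
    tr -s ' \t' '\n\n' | while IFS= read -r p; do
        case $p in
            /*/.packlist) printf '%s\t%s\n' "$p" "$(triage_packlist "$p")" ;;
            /*)           printf '%s\t%s\n' "$p" "review: not a .packlist" ;;
        esac
    done
}

# Constructed demo: one manifest-like file and one binary posing as .packlist.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/auto/MD5" "$d/auto/DBI" || return 1
    printf '%s\n' /usr/lib/perl5/site_perl/5.005/i386-linux/MD5.pm \
        '/usr/lib/perl5/man/man3/MD5.3 type=file' >"$d/auto/MD5/.packlist"
    printf '\177ELF\001\001\001' >"$d/auto/DBI/.packlist"
    printf 'Searching for suspicious files and dirs...\n%s %s\n' \
        "$d/auto/MD5/.packlist" "$d/auto/DBI/.packlist" | triage_report
    rm -rf "$d"
}

# Run "sh thisfile demo" for the constructed samples, or pipe real output
# into triage_report after sourcing this file.
if [ "${1:-}" = demo ]; then demo; fi
```

A verdict of `ok` only means the file has the shape of an install manifest; anything marked `review` should be inspected by hand before the host is trusted.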