[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Running Rootkit and the result
- Subject: Re: [cobalt-security] Running Rootkit and the result
- From: "Robbert Hamburg" <rhamburg@xxxxxx>
- Date: Sun, 1 Jul 2001 11:43:24 +0200
- Organization: www.hava.nl
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
As far as I understood for fellow users here, that is nothing to worry about
!
How did the other two servers go ??
Robbert
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸
Last time I was at the movies, I was thrown out for bringing my own
food. My argument was the concession stand prices were outrageous.
Besides I hadn't had a BBQ in a long time.
¸,ø¤°`°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸_¸,ø¤°°¤ø,¸_¸,ø¤°`°¤ø,¸
----- Original Message -----
From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Sunday, July 01, 2001 1:19 AM
Subject: SV: [cobalt-security] Running Rootkit and the result
> Me too I got almost similar files but a few more:
>
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.00503/i386-linux/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
/usr/lib/
> perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist /usr
> /lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Sy
> mdump/.packlist
/usr/lib/perl5/site_perl/5.005/i386-linux/auto/DBI/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/
> auto/Msql-Mysql-modules/.packlist
>
> Is this somthing to worry about?
> (done one server 2 more to go, crossing fingers)
>
> Kai Schantz
> Euroweb As
> Norway
>
>
>
> Last night I ran chkrootkit-0.33 for the first time after the hints bill
> irwin gave.
>
> >One of
> >the best things you can do is grab the chkrootkit.tar.gz file
> >ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz and check your
> >system out.
>
> >tar -xvzf chkrootkit.tar.gz
> >cd into the directory
> >chmod 755 chkrootkit
> >./chkrootkit and let it run.
>
> There was one result making me suspisous can someone please clarify the
> rules below:
>
> Searching for Ambient's rootkit (ark) default files and dirs... Nothing
> found
> Searching for suspicious files and dirs, it may take a while...
> /usr/lib/perl5/5.00503/i386-linux/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/mod_perl/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/MD5/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Quota/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/XML/Parser/.packlist
> /usr/lib/perl5/site_perl/5.005/i386-linux/auto/Devel/Symdump/.packlist
>
>
> The rest of the result came out as nothing found or Not vulnerable. Only
the
> lines above I don't really understand.
>
> Please help me out !
>
> Robbert
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>