
Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0



Hi Michelle,

> Do I need to worry about this?

Yes, it's not normal. Go to /root and do an "ls -als". Check if there is a
.bashrc file (note the leading dot). If so, then take a look at it and rename 
it to something different if you didn't put it there.

I'm just working on a hacked RaQ3 of a customer. He had been hit by the 
"aliens" rootkit and also had a .bashrc in place which disabled keystroke
logging for the root user. Speaking of logging: They had a nifty tool in 
place which logged usernames and passwords in plain text of anyone who logged 
in to any service. Scary stuff.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer
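
The check suggested in the message above, as an added example that is not part of the original post: it flags an empty or symlinked .bash_history and shell startup files that switch history off. The function name `audit_home`, the list of startup files and the grep patterns are assumptions chosen for illustration, and the sample directory is constructed.

```shell
#!/bin/sh
# Added example: flag signs that root's shell history was tampered with.
# Prints one line per finding for the given home directory (default /root).
audit_home() {
    home="${1:-/root}"
    hist="$home/.bash_history"
    if [ -L "$hist" ]; then
        # History redirected elsewhere, typically to /dev/null.
        echo "SYMLINK $hist -> $(readlink "$hist")"
    elif [ -f "$hist" ] && [ ! -s "$hist" ]; then
        # The condition chkrootkit reported: the file exists but has size 0.
        echo "EMPTY $hist"
    fi
    # Startup files bash may read; any of them can turn history off.
    for f in .bashrc .bash_profile .bash_login .profile .bash_logout; do
        [ -f "$home/$f" ] || continue
        # Assumed patterns: common history-disabling settings on lines
        # that are not commented out.
        if grep -Eq '^[^#]*(unset[[:space:]]+HISTFILE|HISTFILE=/dev/null|HIST(FILE)?SIZE=0([^0-9]|$)|set[[:space:]]+\+o[[:space:]]+history)' "$home/$f"; then
            echo "HISTORY_DISABLED $home/$f"
        fi
    done
}

# Constructed sample: a home directory in the state described above.
demo=$(mktemp -d)
: > "$demo/.bash_history"
printf 'unset HISTFILE\nexport HISTSIZE=0\n' > "$demo/.bashrc"
audit_home "$demo"
rm -rf "$demo"
```

A finding is only a starting point: compare the flagged file's timestamps and contents against what the administrator actually installed before renaming or removing it.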