[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
- Subject: Re: [cobalt-security] RaQ4r: chkrootkit odd report: bash_history file size is 0
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Wed, 19 Dec 2001 21:12:15 +0100
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Michelle,
> Do I need to worry about this?
yes, it's not normal. Go to /root and do an "ls -als". Check if there is a
.bashrc file (note the leading dot). If so, then take a look at it and rename
it to something different if you didn't put it there.
I'm just working on a hacked RaQ3 of a customer. He had been hit by the
"aliens" rootkit and also had a .bashrc in place which disabled keytroke
logging for the root user. Speaking of logging: They had a nifty tool in
place which logged usernames and passwords in plain text of anyone who logged
in to any service. Scary stuff.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer