[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] chkrootkit

Subject: [cobalt-security] chkrootkit
From: Brett Wright <brett@xxxxxxxxxxxxx>
Date: Wed, 23 Jan 2002 11:14:53 +1300
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi List

Just a little inquiry (im new be nice)

On a raq2 i run chkrootkit, have got it going, managed to stop it pickingup the kernel version on lkm.


But i get this.

Searching for anomalies in shell history files... Warning:`//root/.bash_history' file size is zero

nothing found.

After looking in the archives i came across this and only this.

<snip>

Perhaps. On my RaQ4, with the latest upgrades, the .bash_history file isNOT zero, and does not get zeroed-out on ssh login either to admin (with orwithout su to root) or ssh login directly to root.

<snip>

The raq2 has the latest patches.

Should i be worried about this??? or is it something simple like the fileis not getting written to? if so can anyone point me in the right directionon how to fix this (i don't mind reading).


Thanks in Adavnce (very helpful list by the way)

Regards
Brett

References:
- [cobalt-security] Re: Portsentry, ipchains and pmfirewall
  - From: Render-Vue
- Re: [cobalt-security] Re: Portsentry, ipchains and pmfirewall
  - From: E.B. Dreger

Prev by Date: Re: [cobalt-security] Re: Portsentry, ipchains and pmfirewall
Next by Date: Re: [cobalt-security] Portsentry, ipchains and pmfirewall
Previous by thread: Re: [cobalt-security] Re: Portsentry, ipchains and pmfirewall
Next by thread: [cobalt-security] ns in.proftpd[17902]: warning: /etc/hosts.deny

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index