[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] chkrootkit
- Subject: [cobalt-security] chkrootkit
- From: Brett Wright <brett@xxxxxxxxxxxxx>
- Date: Wed, 23 Jan 2002 11:14:53 +1300
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi List
Just a little inquiry (im new be nice)
On a raq2 i run chkrootkit, have got it going, managed to stop it picking
up the kernel version on lkm.
But i get this.
Searching for anomalies in shell history files... Warning:
`//root/.bash_history' file size is zero
nothing found.
After looking in the archives i came across this and only this.
<snip>
Perhaps. On my RaQ4, with the latest upgrades, the .bash_history file is
NOT zero, and does not get zeroed-out on ssh login either to admin (with or
without su to root) or ssh login directly to root.
<snip>
The raq2 has the latest patches.
Should i be worried about this??? or is it something simple like the file
is not getting written to? if so can anyone point me in the right direction
on how to fix this (i don't mind reading).
Thanks in Adavnce (very helpful list by the way)
Regards
Brett