
Re: [cobalt-security] Some assistance needed



> I have d/l the latest version of chkrootkit.
> Seems like my system has been compromised.
> Searching for LPD Worm files and dirs... Possible LPD worm installed
> Checking `lkm'... not tested: can't exec ./chkproc
> Checking `sniffer'... not tested: can't exec ./ifpromisc
> Checking `wted'... not tested: can't exec ./chkwtmp
> Checking `z2'... not tested: can't exec ./chklastlog
>


Firstly, read the instructions for chkrootkit (you missed the bit under
installation), then re-run it. After that, see what the script does and see
what it is tripping out on.

Taking a quick look at the script it checks for:
A username in /etc/passwd starting with "kork" and/or a service listed in
/etc/inetd.conf on port 666 (or one starting with 666). If you have these
and they weren't put there by you, then you may have a problem.

ChrisB.

--
http://ChrisBurton.info/
http://www.tyneside.lug.org.uk/
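
Added example, not part of the original message and not chkrootkit's own code: the two indicators described in the reply above, written as a shell function so each can be checked by hand against the live files or a copy of them. The function name `check_lpd_indicators` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: re-checks the two indicators named in the reply above.
# This is not chkrootkit's code; the function name is hypothetical.

# Usage: check_lpd_indicators PASSWD_FILE INETD_CONF
# Prints one line per finding; exit status is the number of indicators hit (0-2).
check_lpd_indicators() {
    passwd_file=$1
    inetd_conf=$2
    hits=0

    # Indicator 1: an account whose login name starts with "kork".
    if [ -r "$passwd_file" ]; then
        users=$(awk -F: '$1 ~ /^kork/ { printf "%s ", $1 }' "$passwd_file")
        if [ -n "$users" ]; then
            echo "passwd: account name(s) starting with kork: $users"
            hits=$((hits + 1))
        fi
    fi

    # Indicator 2: an inetd.conf entry whose service field starts with 666.
    # Commented-out entries never match: their first field starts with "#".
    if [ -r "$inetd_conf" ]; then
        entries=$(awk '$1 ~ /^666/ { print "inetd.conf line " NR ": " $0 }' "$inetd_conf")
        if [ -n "$entries" ]; then
            echo "$entries"
            hits=$((hits + 1))
        fi
    fi

    return "$hits"
}

# Constructed sample files (not from a real host) in which both indicators fire.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
kork:x:1001:1001::/home/kork:/bin/sh
admin:x:500:500::/home/admin:/bin/bash
EOF
cat > "$demo_dir/inetd.conf" <<'EOF'
# 666 stream tcp nowait root /path/to/placeholder placeholder
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd
666 stream tcp nowait root /path/to/placeholder placeholder
EOF
check_lpd_indicators "$demo_dir/passwd" "$demo_dir/inetd.conf" || echo "indicators hit: $?"
rm -rf "$demo_dir"
```

On a real system the arguments would be `/etc/passwd` and `/etc/inetd.conf`, or the same files under the mount point of an offline copy of the disk.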