
RE: [cobalt-security] Cobalt Raq2 & Chkrootkit 0.37



The RaQ2 is a MIPS platform. The RaQ3,4,500,XTR are all Intel.

You have a precompiled version of chkrootkit. If you download the source and compile it yourself, it'll work.

Graeme
--
Graeme Fowler
System Administrator
Host Europe Group PLC

-----Original Message-----
From: Arminder Singh [mailto:m-list@xxxxxxxxxxxx]
Sent: 27 September 2002 14:27
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] Cobalt Raq2 & Chkrootkit 0.37


Greetings All,

Has anyone come across this strange behaviour of Chkrootkit 0.37 while running on Cobalt Raq2 (specifically Raq2)? Following is the output I received on running the same:
............
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not infected
Checking `passwd'... INFECTED
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
............
Checking `bindshell'... not infected
Checking `lkm'... ./chkrootkit: ./chkproc: cannot execute binary file
Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... 
./chkrootkit: ./ifpromisc: cannot execute binary file
Checking `wted'... ./chkrootkit: ./chkwtmp: cannot execute binary file
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... ./chkrootkit: ./chklastlog: cannot execute binary file

If there is anyone who can explain this, it will be highly admirable. The same isn't the case with Raq3 & Raq4, but only with Raq2s.

Cheers

Arminder Singh
Sr. Exec. System Administrator
------------------------------------------------------- 
Pugmarks InterWeb Pvt. Ltd. INDIA Tel: (172) 622 753, 54, 55, Fax:91 (172)-645-906 
Pugmarks Inc. Tel: (630) 571-0699, Fax: (630)-571-0642
http://www.pugmarks.net
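
Added example, not part of either message and not chkrootkit's own code: the reply attributes the `cannot execute binary file` errors to a precompiled chkrootkit that does not match the RaQ2's MIPS CPU. The sketch below reads the ELF header's `e_machine` field to confirm that kind of mismatch before trusting a scan result. The sample headers are constructed, and the assumption that the precompiled helpers were Intel builds is inferred from the reply.

```python
import struct

# e_machine values from the ELF specification (subset relevant to this thread).
EM_NAMES = {3: "Intel 80386", 8: "MIPS", 62: "x86-64"}


def elf_machine(header: bytes):
    """Return (machine, bits, byte_order) parsed from the first 20 bytes of a file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    bits = {1: 32, 2: 64}.get(header[4])      # EI_CLASS
    order = {1: "<", 2: ">"}.get(header[5])   # EI_DATA
    if bits is None or order is None:
        raise ValueError("invalid EI_CLASS or EI_DATA")
    # The 16-byte e_ident is followed by e_type and e_machine, 2 bytes each.
    _e_type, e_machine = struct.unpack(order + "HH", header[16:20])
    name = EM_NAMES.get(e_machine, "unknown (%d)" % e_machine)
    return name, bits, "little" if order == "<" else "big"


def runnable_on(header: bytes, host_machine: str) -> bool:
    """True only if the header is ELF and targets the host's CPU family."""
    try:
        return elf_machine(header)[0] == host_machine
    except ValueError:
        return False


def check_file(path: str, host_machine: str) -> bool:
    """Same check for a file on disk, e.g. ./chkproc or ./ifpromisc."""
    with open(path, "rb") as fh:
        return runnable_on(fh.read(20), host_machine)


def make_header(ei_class: int, ei_data: int, e_machine: int) -> bytes:
    """Build a constructed 20-byte ELF header prefix (sample data only)."""
    ident = b"\x7fELF" + bytes([ei_class, ei_data, 1]) + b"\x00" * 9
    return ident + struct.pack(("<" if ei_data == 1 else ">") + "HH", 2, e_machine)


# Constructed samples: an Intel build (assumed to be what was downloaded)
# and a MIPS build (what compiling from source on the RaQ2 would produce).
SAMPLES = {
    "chkproc, precompiled (constructed i386 header)": make_header(1, 1, 3),
    "chkproc, built locally (constructed MIPS header)": make_header(1, 1, 8),
}

if __name__ == "__main__":
    HOST = "MIPS"  # the RaQ2, per the reply
    for label, hdr in SAMPLES.items():
        verdict = "ok" if runnable_on(hdr, HOST) else "WRONG ARCH, results unreliable"
        print("%-50s %s -> %s" % (label, elf_machine(hdr), verdict))
```

In the output quoted above, the `lkm` warning appears on the same check where `chkproc` failed to execute, so a helper flagged as wrong-architecture means that check did not actually run.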