[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Is this suspicious?

Subject: Re: [cobalt-security] Is this suspicious?
From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
Date: Fri, 04 Oct 2002 15:58:38 -0700
Organization: nobaloney.net
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> Julians@xxxxxxxxxxxxxxx wrote:

> I know enough to run this on our raq2,
> But not enough to know what it all means... Should I be worried?
> 
> [root chkrootkit-0.37]# ./chkrootkit

...<output snipped>...

Just grep the output for "INFECTED" (without the quotes, in CAPS).

If there aren't any, it's okay.

BUT... it can't run chkproc or ifpromisc because it's a RaQ2.

And the RaQ2 always deleted history for previous logins, so it will only
find entries for the same day's commands.

Jeff
-- 
Jeff Lasman <jblists@xxxxxxxxxxxxx>
Linux and Cobalt/Sun/RaQ Consulting
nobaloney.net, P. O. Box 52672, Riverside, CA  92517
voice: +1 909 778-9980  *  fax: +1 909 548-9484

Follow-Ups:
- Re: [cobalt-security] Is this suspicious?
  - From: Eugene Crosser

References:
- [cobalt-security] Is this suspicious?
  - From: Julians

Prev by Date: Re: [cobalt-security] Root dir vs user dir...
Next by Date: Re: [cobalt-security] Is this suspicious?
Previous by thread: [cobalt-security] Is this suspicious?
Next by thread: Re: [cobalt-security] Is this suspicious?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index