RE : [cobalt-security] I think this may be an issue
- Subject: RE : [cobalt-security] I think this may be an issue
- From: Philippe QUINSAC <philippe@xxxxxxxxxxxxxx>
- Date: Sat, 8 Mar 2003 08:01:17 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>
> > chkroot gave this email message.
> >
> > `bindshell'... not infected
> > Checking `lkm'... You have 2 process hidden for readdir command
> > You have 2 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> > Checking `rexedcs'... not found
> >
> > how would I verify if this is true?
>
> The hidden process check can and will sometimes report hidden processes when
> there are none. Please be aware of these *false* alarms which will happen
> mostly when you're running many dynamic processes. Like Apache, MySQL or ASP.
>
Exactly. With 50 MySQL databases on one RaQ, these false alarms are reported
twice a week on my machine.
My newbie question is:
I use the Solarspeed cheap and clean security kit, but do I need to update
the rootkit definitions?
Best regards.
Thanks for everything, Michael.
---------------------
Philippe.
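
Added example, not part of the original message and not chkrootkit's own code: a cross-view re-check that keeps only the PIDs missing from the readdir or ps listing on every pass, so short-lived Apache or MySQL workers that exit between the views drop out as races. All function names are hypothetical, the samples are constructed, and it assumes a Linux /proc where a hidden process still resolves by direct /proc/<pid> lookup.

```python
import os
import subprocess
import time

def lookup_view(max_pid):
    """PIDs whose /proc/<pid>/status opens directly, without listing /proc."""
    found = set()
    for pid in range(1, max_pid + 1):
        try:
            with open(f"/proc/{pid}/status") as fh:
                fields = dict(line.split(":", 1) for line in fh if ":" in line)
        except OSError:
            continue  # no such PID, or it exited while being read
        if int(fields.get("Tgid", pid)) == pid:  # skip thread IDs (never listed)
            found.add(pid)
    return found

def readdir_view():
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def ps_view():
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def persistent_hidden(samples):
    """PIDs missing from a listing in every sample; one-off misses are races."""
    result = {}
    for name, idx in (("readdir", 1), ("ps", 2)):
        missing = [s[0] - s[idx] for s in samples]
        result[name] = set.intersection(*missing) if missing else set()
    return result

# Constructed samples (lookup, readdir, ps): PID 4242 is a worker that exited
# between the lookup and the listings in pass 1; PID 666 is missing every time.
SAMPLES = [
    ({1, 80, 666, 4242}, {1, 80}, {1, 80}),
    ({1, 80, 666, 5000}, {1, 80, 5000}, {1, 80, 5000}),
    ({1, 80, 666}, {1, 80}, {1, 80}),
]

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        max_pid = int(fh.read())
    live = []
    for _ in range(3):  # lookup runs first, so late starters are never flagged
        live.append((lookup_view(max_pid), readdir_view(), ps_view()))
        time.sleep(2)
    print(persistent_hidden(live))
```

An empty result on a busy host is consistent with the false alarms described above; a PID that stays in the result across passes is the one to examine further.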