
RE : [cobalt-security] I think this may be an issue



> 
> > chkroot gave this email message.
> >
> > `bindshell'... not infected
> > Checking `lkm'... You have     2 process hidden for readdir command
> > You have     2 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> > Checking `rexedcs'... not found
> >
> > how would I verify if this is true?
> 
> The hidden process check can and will sometimes report hidden processes when
> there are none. Please be aware of these *false* alarms which will happen
> mostly when you're running many dynamic processes. Like Apache, MySQL or ASP.
> 
Exactly. With 50 MySQL databases on one RaQ, these false alarms are reported
twice a week on my machine.

My newbie question is:
I use the solarspeed cheap and clean security kit, but do I need to update
the rootkit definitions?

Best regards.
Thanks for everything, Michael.
---------------------
Philippe.
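
An added example, not part of the original messages and not chkrootkit's code: a simplified Python cross-check for the false alarms discussed above. It compares the /proc listing with ps output over several rounds and keeps only PIDs that stay mismatched while still alive, so processes that started or exited between two snapshots drop out. The function names are hypothetical; it assumes Linux with /proc and a ps that accepts `-e -o pid=`.

```python
import os
import subprocess
import time

def proc_pids():
    """PIDs visible by listing /proc (the readdir view)."""
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def ps_pids():
    """PIDs reported by the ps command."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def alive(pid):
    """True if the kernel still knows this PID (signal 0 delivers nothing)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists, but belongs to another user
    return True

def persistent_hidden(list_view=proc_pids, tool_view=ps_pids, probe=alive,
                      rounds=5, delay=1.0):
    """Return PIDs missing from one view in every round while still alive.

    On a busy host (many short-lived Apache or MySQL children) a PID can
    show up in one snapshot only because the process was created or
    reaped between the two listings. Such PIDs fail the probe or vanish
    in a later round, so they fall out of the running intersection.
    """
    suspects = None
    for i in range(rounds):
        a, b = list_view(), tool_view()
        mismatch = {p for p in a ^ b if probe(p)}
        suspects = mismatch if suspects is None else suspects & mismatch
        if not suspects:
            break  # nothing survived, no need to keep sampling
        if i < rounds - 1:
            time.sleep(delay)
    return suspects or set()

if __name__ == "__main__":
    print("persistently mismatched PIDs:", sorted(persistent_hidden()))
```

An empty result here only rules out the race-condition false alarm; a kernel-level rootkit can falsify every view a running system offers, so a real suspicion still calls for checking the disk from trusted boot media.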