[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] RE: Resetting Chkrootkit
- Subject: [cobalt-security] RE: Resetting Chkrootkit
- From: "Jon" <jjma100@xxxxxxxxxxx>
- Date: Sat, 17 Jan 2004 12:29:35 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi,
> If you're happy that it's nothing nefarious then I
> believe that you can get
> rid of it by rotating /var/log/wtmp
>
> login as root:
> cd /var/log
> mv wtmp wtmp.old
> touch wtmp
> chmod 0644 wtmp
>
> Log in to the shell from another SSH session and make
> sure /var/log/wtmp is
> > 0 blocks (don't try cat it's in binary). Try
> chkrootkit again.
Thanks this worked well.
Jon