Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-17 Thread Dave S
On Sunday 16 July 2006 22:25, Jerry McBride wrote: On Sunday 16 July 2006 15:54, Dave S wrote: On Sunday 16 July 2006 19:54, Hemmann, Volker Armin wrote: On Sunday 16 July 2006 20:25, Dave S wrote: Hi, I have a potential security problem ... and err it's not on Gentoo, it's on

[gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Dave S
Hi, I have a potential security problem ... and err it's not on Gentoo, it's on Ubuntu but I am not getting any response there. You guys are the most tech bunch I know - Thought I would lay it on the table :) I just had an email from chkrootkit last night - --- The following suspicious files

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Hemmann, Volker Armin
On Sunday 16 July 2006 20:25, Dave S wrote: Hi, I have a potential security problem ... and err it's not on Gentoo, it's on Ubuntu but I am not getting any response there. You guys are the most tech bunch I know - Thought I would lay it on the table :) I just had an email from chkrootkit

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Dave S
On Sunday 16 July 2006 19:54, Hemmann, Volker Armin wrote: On Sunday 16 July 2006 20:25, Dave S wrote: Hi, I have a potential security problem ... and err it's not on Gentoo, it's on Ubuntu but I am not getting any response there. You guys are the most tech bunch I know - Thought I would

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Hemmann, Volker Armin
On Sunday 16 July 2006 21:54, Dave S wrote: On Sunday 16 July 2006 19:54, Hemmann, Volker Armin wrote: On Sunday 16 July 2006 20:25, Dave S wrote: Hi, I have a potential security problem ... and err it's not on Gentoo, it's on Ubuntu but I am not getting any response there. You guys

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Hemmann, Volker Armin
oh, and read this: http://www.chkrootkit.org/faq/ -- gentoo-user@gentoo.org mailing list

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Dave S
On Sunday 16 July 2006 21:36, Hemmann, Volker Armin wrote: oh, and read this: http://www.chkrootkit.org/faq/ Interesting ... How accurate is chkproc? If you run chkproc on a server that runs lots of short time processes it could report some false positives. chkproc compares the ps output

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Benno Schulenberg
Dave S wrote: On Sunday 16 July 2006 21:36, Hemmann, Volker Armin wrote: no, if you chroot, the binaries from the chroot are used. The problem is if I do not chroot, chkrootkit will scan the Knoppix CD - tried it :). It needs to access the live proc etc on a running system. Use -r. Even

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Jerry McBride
On Sunday 16 July 2006 15:54, Dave S wrote: On Sunday 16 July 2006 19:54, Hemmann, Volker Armin wrote: On Sunday 16 July 2006 20:25, Dave S wrote: Hi, I have a potential security problem ... and err it's not on Gentoo, it's on Ubuntu but I am not getting any response there. You guys

Re: [gentoo-user] chkrootkit LKM trojan ?

2006-07-16 Thread Dave S
On Sunday 16 July 2006 22:12, Benno Schulenberg wrote: Dave S wrote: On Sunday 16 July 2006 21:36, Hemmann, Volker Armin wrote: no, if you chroot, the binaries from the chroot are used. The problem is if I do not chroot, chkrootkit will scan the Knoppix CD - tried it :). It needs to