On Sat, 28 Jul 2007, Tyler Smith wrote:
Hi,
rkhunter has turned up a new warning for me:
Found warnings:
[16:37:42] Checking for packet capturing applications... Warning
[16:37:43] Warning! Process /bin/login (3888) listening
[16:37:43] Warning! Process /bin/login (3888) listening
[16:37:43] Warning! Process /bin/login (3888) listening
[16:37:43] Warning! Process /bin/login (3888) listening
[16:37:43] Warning! Process /sbin/dhclient (4197) listening
[16:37:43] WARNING, found: /etc/.java (directory) /dev/.static (directory)
/dev/.udev (directory) /dev/.initramfs (directory)
The /bin/login hasn't shown up before. Is this something I need to
worry about?
Thanks,
Tyler
--
Normally /bin/login shouldn't be listening. A couple things you could do
to see if it is listneing is:
lsof -i -n | grep LISTEN
if it is listening, it should show up there. providing lsof hasnt been
comprimised.
if you have another machine available to you, run an nmap scan on it
like so:
nmap -sV hostname
if those show up true, it's likely that you have a rootkit installed and
should pull the network cable from the machine and rebuild.
jeff
-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
