Hi,

On Sat, 26 Jul 2003 02:59:29 -0600 (MDT) SoloCDM <[EMAIL PROTECTED]> wrote:

> On Sat, 26 Jul 2003, Todd Slater wrote:
>
> > I ran chkrootkit and was told that root has never logged in. Reading
> > a bit about that tells me my system is compromised. Where should I
> > look to figure out what's going on?
>
> Run "chkrootkit -x > chkrootkit-sample 2>&1" to get complete details
> about the error. Parse it with egrep or view it with less for the
> error message, maybe the output will give you an idea what happened.

After 48,000-odd lines:

    ### Output of: /usr/lib/chkrootkit/chklastlog -f /var/log/wtmp -l /var/log/lastlog
    ###
    user root deleted or never loged from lastlog!

I did a search and found this thread:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&th=4a40cc6ac592c146&seekm=a7q7bo%247b0%241%40athena.ukc.ac.uk&rnum=2

What's the best approach--panic or not? I think it would be good to try
to figure out what's happened (if anything).

Thanks,
Todd

-- 
Name that tune #10: Now a very great man once said that some people
will rob you with a fountain pen; it didn't take too long to find out
just what he was talking about.
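
An added example, not part of the thread above: the 48,000-line expert-mode dump can be narrowed to the one helper that raised the warning by splitting it on its "### Output of:" headers, which a plain egrep cannot do. The function names and the sample file are assumptions constructed for illustration; only the chklastlog lines are taken from the message.

```shell
# Added example. Assumes every expert-mode section begins with a
# "### Output of: <command>" header, as in the excerpt quoted in the message.

# section_of FILE PATTERN: print the header and body of each section whose
# command line matches PATTERN (an awk regex); bare "###" ruler lines are dropped.
section_of() {
    awk -v pat="$2" '
        /^### Output of: / { show = ($0 ~ pat); if (show) print; next }
        /^###[ \t]*$/      { next }
        show               { print }
    ' "$1"
}

# section_sizes FILE: print "<body line count> <command>" per section, largest
# first, to separate bulky dumps from the short checks worth reading.
section_sizes() {
    awk '
        /^### Output of: / { if (cmd != "") print n, cmd
                             cmd = substr($0, 16); n = 0; next }
        /^###[ \t]*$/      { next }
        cmd != ""          { n++ }
        END                { if (cmd != "") print n, cmd }
    ' "$1" | sort -rn
}

# Constructed sample standing in for chkrootkit-sample. The strings section
# is invented filler; the chklastlog section is copied from the message.
make_sample() {
    cat > "$1" <<'EOF'
###
### Output of: /usr/bin/strings -a /bin/ls
###
/lib/ld-linux.so.2
libc.so.6
###
### Output of: /usr/lib/chkrootkit/chklastlog -f /var/log/wtmp -l /var/log/lastlog
###
user root deleted or never loged from lastlog!
EOF
}

# Demonstration on the constructed sample.
demo_file=$(mktemp)
make_sample "$demo_file"
section_sizes "$demo_file"
section_of "$demo_file" 'chklastlog'
rm -f "$demo_file"
```

On a real capture, replace the temporary file with the chkrootkit-sample file produced by the command quoted above.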
