Chkrootkit URL is www.chkrootkit.org

Mike

--------------------------------------------
Mike Pelley
"Non illegitimati carborundum"
Owner & "Misc. Rambler" of Pelleys.com
[EMAIL PROTECTED] - www.pelleys.com
--------------------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jerry Winegarden
Sent: Friday, August 30, 2002 1:49 PM
To: [EMAIL PROTECTED]
Subject: Re: help, my server maybe have been compromised !

On Wed, 28 Aug 2002, Jonathan Johnson wrote:

> Dear Lewi (et al.),
>
> On Wed, 28 Aug 2002 22:10:06 +0700, Lewi <[EMAIL PROTECTED]>
> wrote:
>
> > I just checking whereis passwd place from, when I run this
> > # whereis passwd <snip>
>
> Yes, this looks very wrong, so you may have been "rooted."
> <snip>
>
> There is a rootkit sniffer that will search for known malicious code on
> a filesystem; I forget the name but it is documented on
> www.insecure.org.

chkrootkit highly recommended

If you think you've been hacked, re-install. Don't mess around with
trying to figure out what's been replaced or added and what hasn't.

--
***************************************************
  .~.    Jerry Winegarden
 / v \   OIT/Technical Support, Duke University
/( _ )\  [EMAIL PROTECTED], http://www-jerry.oit.duke.edu
  ^ ^
***************************************************

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list