Jarek wrote:
> Hi all!
>
> I've found undetected rootkit. It looks like some modification of
> SHV4/SHV5.
> (Checked with Rootkit Hunter 1.2.9).
>
> Unfortunately I've removed some part of its files, but some remains
> (attached).
> Rootkit was installed in /etc/inittab as a call to:
>
> /usr/sbin/ttyload
[...]
> I suggest to add to rkhunter a search for daemons running from deleted
> files.

It already does that.

> I think, that it could be also a good idea, to add to rkhunter some kind
> of portscan, which will look for services like sshd or telnetd. It is at
> least suspected if there are few different ssh daemons running on one
> machine.

It already does that, too. Perhaps you should get a later version of
rkhunter.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
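
The check for daemons running from deleted files mentioned in this thread can be sketched as follows. This is an added example, not part of the original message and not rkhunter's own code; the function names, the optional PROC_ROOT parameter and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# List processes whose executable has been unlinked from disk.
# On Linux, /proc/<pid>/exe is a symlink to the running binary; once that
# file is removed, the link target gains the suffix " (deleted)".

# find_deleted_exe [PROC_ROOT]   (hypothetical helper for this example)
# Prints one "PID<TAB>original-path" line per affected process.
# PROC_ROOT defaults to /proc; it is a parameter so the check can also be
# run against a copied or constructed tree.
find_deleted_exe() {
    proc_root=${1:-/proc}
    suffix=' (deleted)'
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        # Kernel threads have no exe link, and other users' processes are
        # unreadable without root: skip both quietly.
        target=$(readlink "$dir/exe" 2>/dev/null) || continue
        case $target in
            *"$suffix")
                printf '%s\t%s\n' "$pid" "${target%"$suffix"}"
                ;;
        esac
    done
}

# make_sample_proc DIR   (hypothetical helper)
# Builds a constructed /proc-like tree, not real data: 101 is a normal
# daemon, 202 runs from a deleted file (path taken from the thread),
# 303 has no exe link, and "self" is non-numeric and must be ignored.
make_sample_proc() {
    root=$1
    mkdir -p "$root/101" "$root/202" "$root/303" "$root/self"
    ln -s "/usr/sbin/sshd" "$root/101/exe"
    ln -s "/usr/sbin/ttyload (deleted)" "$root/202/exe"
    ln -s "/bin/sh (deleted)" "$root/self/exe"
}

# Scan the live system (run as root to see every process).
find_deleted_exe "$@"
```

A hit is a lead rather than proof: a daemon that was not restarted after a package upgrade also shows a deleted executable.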