-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everybody
This day, one of my servers was compromised, but rkhunter don't report anything. After complete server analysis, I found some rootkit files (/var/ssh.*, /var/pent2.1, /etc/init.d/ssh-boot and /usr/lib/libssh.so.1.0.1.1) and detect rootkit behaviors (syslog to 93.184.100.77:12000 and 41.236.131.185:12000). How I can report those files and behaviors, to include this « rootkit » on a future update of rkhunter ? Thanks in advance - -- Aeris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOW8lFAAoJEK8zQvxDY4P9kOYH/1uekhXfqgTDqkGdbLV0A4h2 4x0rftzRU6A92fHGp2NHze9yi9SMn+AIVuROp85lOGxLjm3dUlCYWfVl3c7Aon4m PTbZVsWvwEZp6UTa2Ir9oryABYddsmxSOvY+62ZSm+vl0hnw/Wtsd15kw4ta2LFo JRiCGTrZzLZBhFKrODhQ8m8JDTAjoZCQTWd4VvyLF0A8rl2suE8k90eXNdqfXMci RKmB0bjGrL9xukYeG/G8WSPoCpA7Zv9bt/bGuK2CDDmdvgkQ2ipY8wKeJH3VvCl3 UBAZmBYIhcGjisFC8IUGD2zFzqjo2nTS4OGUYtBsgru/BVNOWh8MUZBqPN666E4= =eO2a -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
