Hi together,
we noticed right now an attempt to use our server for nasty things. This small
script tried to connect to a foreign IRC Server to receive commands and was
able to change is command in top and htop to „/usr/sbin/asterisk“. We don’t use
asterisk at all so there is no binary file located at this location.
Here comes my question:
Is rkunter able to check whether the process file exists in the filesystem?
Would it make sense to check this at all?
Have a nice day together,
Bastian
--
Bastian Bringenberg
TYPO3 Server Administration Team Member
TYPO3 .... inspiring people to share!
Get involved: http://typo3.org
------------------------------------------------------------------------------
Android is increasing in popularity, but the open development platform that
developers love is also attractive to malware creators. Download this white
paper to learn more about secure code signing practices that can help keep
Android apps secure.
http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
