James,
i use slackware 11.0, 2.4.33.3, firefox browser, thunderbird as e-mail/news reader.
( intend to set up "mutt" and "slrn", and browse with "lynx". )
( started using linux because $soft is proprietary - gimme command line -- )
( don't care for "X" - too slow, and each window manager requires another learning curve).

So:
1. i grabbed chkrootkit-0.48 tar-ball to my Internet download directory
2. made a sub-directory under /usr/local for rootkit
2.a. cd'd to new directory and cp'd the downloaded tar-ball to new directory
2.b. tar -xvzf *.48
2.c. cd'd to new chkroot-0.48 directory.
3. read all the READMEs
4. on another console as root:
4a. "# make sense" reported "no rules for sense" (???)
4b. "# make" seems to have worked compiling all the binaries.
5. "# ./chkrootkit" reported crontab entry for "nobody"
5.a. "# crontab -l nobody" reported no user
6. i have only one possible infection being "nobody"

questions:
   a. where did i go wrong with "make sense" ?
   b. no entry from crontab for nobody.

what else do i need to provide?

john
