On Fri, Feb 15, 2008 at 10:45 AM, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> To all, thanks.
>
> Running "chkrootkit.48" found a crontab entry for "nobody" (
> possible worm ).
>
> crontab - l nobody doesn't exist. Is it a problem?
"nobody" is the generic totally unprivileged user. Many systems build
the locate(1) database with the privileges of "nobody" so that files
that have restricted read privileges are not found.
You should investigate this a bit further. See if you have a "nobody" user.
$ grep nobody /etc/passwd
Look at /etc/crontab to see if anything is being run as "nobody".
Possibly chrootkit is triggering on something that is not relevant to
your system.
> Also, in the building of "chkrootkit-0.48", make sense didn't work, but
> "make" made all the binaries. Could I have done something wrong?. I
> followed Jim's outline for chkrootkit installation, and followed all the
> README's.
By the way, downloading a souce tarball from a somewhat unkown place,
compiling it, and executing it as root could be a sure method of
getting infected by a all sorts of bad things.
carl
--
carl lowenstein marine physical lab u.c. san diego
[EMAIL PROTECTED]
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-newbie
