Btw, thanks for the link on check-ps Xander. That's one more tool for
our arsenal. :)
By the way, as long as we're on the topic of rootkits... I remember
experimenting before with installing suckit on a 2.4.2x+ kernel but not
being able to get it to work. If I recall right, I remember getting it to
work on a 2.4.18 kernel. Just out of curiosity, has anyone here
experimented with suckit and tried to get it working on a recent 2.4 kernel?
-Paul Patrick C. Prantilla
Xander Solis wrote:
Exactly. Analysis, and prevention, still needs to be done. It could be
that there are really hidden processes/threads, that are benign.
On 4/28/06, Paul Patrick C. Prantilla <[EMAIL PROTECTED]> wrote:
Hello,
I just wanted to mention to the original poster that there are cases of
false positives regarding the line "You have X process hidden for
readdir command" from chkrootkit. You can read about them in Google.
I've also experienced such false positives before.
Still, as the others advise... you should of course still take the
necessary precaution steps. I just thought to mention about false
positives because I've never actually seemed to have reliable output with
rkhunter or chkrootkit and hardly rely on them anymore... and I read
about people who feel the same way. I like using file integrity checkers
like tripwire instead.
-Paul
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph