P.S. Did anyone point out that chkrootkit needs to be kept up to date? It does.
Back in May, on the cobalt-security list, Michael Stauber of solarspeed.net described a rootkit he'd found that completely evaded chkrootkit 0.40...
<http://list.cobalt.com/pipermail/cobalt-security/2003-May/008201.html>
The interesting part being, an OLDER version of chkrootkit DID provide some evidence of the kit.
Since then, I've been running multiple versions of chkrootkit over my server(s) on a regular basis... just in case. Notice that a new version was released just last Saturday.
<http://www.chkrootkit.org/>
pjm
-- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://www.redhat.com/mailman/listinfo/redhat-list