I got the new chkrootkit and recompiled it... "chkrootkit -x lkm" looks something like this:

nova:/share/chkrootkit-0.45# ./chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v -p 2
###
CWD 2405: /var/lib/mysql
EXE 2405: /usr/sbin/mysqld
CWD 2406: /var/lib/mysql
EXE 2406: /usr/sbin/mysqld
./chkrootkit: line 1: 2458 Segmentation fault ./chkproc -v -v -p 2

If I shut down MySQL, it still segfaults, but it no longer returns any output...

After some investigation, something like this shows up in /var/log/messages when "chkproc" runs:

Jul 6 17:13:46 nova kernel: c01690e3
Jul 6 17:13:46 nova kernel: PREEMPT
Jul 6 17:13:46 nova kernel: Modules linked in: ipt_IMQ imq
Jul 6 17:13:46 nova kernel: CPU: 0
Jul 6 17:13:46 nova kernel: EIP: 0060:[<c01690e3>] Tainted: GF VLI
Jul 6 17:13:46 nova kernel: EFLAGS: 00010202 (2.6.11.12nova.scieron.com14/06/2005)
Jul 6 17:13:46 nova kernel: EIP is at __d_lookup+0x73/0x1a0
Jul 6 17:13:46 nova kernel: eax: 00000001 ebx: 00000008 ecx: 00000001 edx: c64b8000
Jul 6 17:13:46 nova kernel: esi: c64b8f78 edi: 0000ffff ebp: 08ace279 esp: c64b8dbc
Jul 6 17:13:46 nova kernel: ds: 007b es: 007b ss: 0068
Jul 6 17:13:46 nova kernel: Process chkproc (pid: 2505, threadinfo=c64b8000 task=c25cf0e0)
Jul 6 17:13:46 nova kernel: Stack: c036ebc8 c016cec4 00000000 c317e006 08ace279 00000005 c64b8e38 c64b8f78
Jul 6 17:13:46 nova kernel: cffe4aa0 c64b8f30 c015e478 cffe16b4 c64b8f30 c64b8e38 c127ddd4 c317e00b
Jul 6 17:13:46 nova kernel: c64b8f78 c015ec7b c64b8f78 c64b8f30 c64b8e38 cffe16b4 c92b973c c0148e5c
...etc etc etc.

Most likely it is from the IMQ patch; modprobe was telling me the module is "invalid" when I tried "modprobe ipt_IMQ", and it only worked with "modprobe -f ", and somewhere in dmesg at boot it clearly told me that the kernel is "tainted".

Let's hope that is the only problem; I have no open ports other than the strictly necessary ones, and those are set to other "numbers" :)

The conclusion... watch out for bugs, because false positives may show up on your systems too.

Thanks a lot for the replies anyway!!!

======= At 2005-07-06, 12:37:46 you wrote: =======

>On Wed, 6 Jul 2005, Alexandru Stefan-Voicu wrote:
>
>> Should I be worried, or is it just a problem of libraries that are too new
>> for software that ships with the distro?
>
> Yes, be worried, you have problems with that machine, possibly
>hardware. You could also try recompiling chkrootkit.
>
>--
>Any views or opinions presented within this e-mail are solely those of
>the author and do not necessarily represent those of any company, unless
>otherwise expressly stated.
>
>---
>Details about our mailing lists: http://www.lug.ro/

= = = = = = = = = = = = = = = = = = = =

Alexandru Stefan-Voicu
[EMAIL PROTECTED]
2005-07-06
