RE: chkrootkit and lkm
Umm, I have the same problem. If I kill Exim and Spamassassin no hidden processes reported. Under normal load sometimes get 1-7 hidden processes. Was is a state of panic but it does appear that Exim and Spamassassin combined do create false positives. Can this be fixed? Mike Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit : I was just running 'chkrootkit' and came across this warning: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed I have the same problem.. I believe it's a bug in chkrootkit Do you stop the services before running chkrootkit? It can append that chkrootkit report false positive on machine still running services. I had the experience with exim. When I stop it I had no false positive... Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: chkrootkit and lkm
Umm, I have the same problem. If I kill Exim and Spamassassin no hidden processes reported. Under normal load sometimes get 1-7 hidden processes. Was is a state of panic but it does appear that Exim and Spamassassin combined do create false positives. Can this be fixed? Mike Le mer 26/11/2003 à 01:17, Michael Bordignon a écrit : I was just running 'chkrootkit' and came across this warning: Checking `lkm'... You have 4 process hidden for ps command Warning: Possible LKM Trojan installed I have the same problem.. I believe it's a bug in chkrootkit Do you stop the services before running chkrootkit? It can append that chkrootkit report false positive on machine still running services. I had the experience with exim. When I stop it I had no false positive... Michael -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Logging User Activity
Dear All, Currently implementing a number of modifications to our internal security policies and one addition I am attempting to add is the full logging of user activity. I cannot find any simple way of achieving this within the standard doc's and searching the web for log user activity linux debian does throw up some not particularly useful links, including a package for filtering my users output to the FBI, not much good for the UK. Can anyone point me in the right direction? With thanks Mike http://www.ishop.co.uk/ Build on-line. Buy online. The only UK based complete e-commerce package. Michael Parkinson BSc.(Hons) Technical Director Intellnet Limited 5 Priors London Road Bishops Stortford Herts CM23 5ED Phone : 01279 602800 DDI : 01279 602805 Fax : 01279 600815 Mobile : 07770 380511 ICQ No. : 47666166 E-mail : [EMAIL PROTECTED] [EMAIL PROTECTED] URL :http://www.intellnet.net.uk/ http://www.ishop.co.uk/