The prog compares the proc list in /proc and the output of the command 'ps'.
So, when chkrootkit lists /proc, and then gets the output from ps,
the time between the two operations is large enough for other processes to be created
(or to die/be killed)...
That's why this check is not VERY reliable.
E.
--
Eric L
Bonjour
As Jacques Lavignotte <[EMAIL PROTECTED]> and Jens Schuessler
<[EMAIL PROTECTED]> posted in their mails on the 7th of March 2003, I have
exactly the same alert message using chkrootkit:
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Wa
On Sun, May 25, 2003 at 05:58:16PM -0400, David B Harris wrote:
> On Sun, 25 May 2003 13:04:30 -0500
> Jayson Vantuyl <[EMAIL PROTECTED]> wrote:
> > We have no idea how he's getting in, but we've got his rootkit fairly
> > nailed down (he uses a few slightly different ones).
>
> Good god man! Incl
On Sun, May 25, 2003 at 08:44:29PM +0100, David Ramsden wrote:
(..)
>
> That's a bit of a stab in the dark but something I feel admins
> overlook (note to self: look at running Apache in chroot jail :-p).
Maybe this helps:
http://www.debian.org/doc/manuals/securing-debian-howto/ap-chroot-apache-
On Sun, May 25, 2003 at 02:35:32PM -0400, Ed McMan wrote:
> Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote:
>
> Jayson> We've had a number of hacked boxen recently. It appears a certain
> Jayson> person (Romanian we think) is specifically targeting us and our
> Jayson> customers
Hello all,
I have an Internet server with 2 NICs
eth0 : wireless radio link
eth1 : private network
I added a third NIC on the system to receive an ADSL connection, so
eth2 : ADSL
The problem:
if I start the NICs in the sequence eth0,eth1,eth2 -- I can access the
server from outside only through AD
On Saturday 24 May 2003 11:48, Markus Kolb wrote:
> On Saturday 24 May 2003 01:05, Herbert Xu wrote:
> > Hi:
> >
> > If you're looking for Debian alpha/i386 kernel-images with all the
> > recent security alerts (ptrace, ioperm, net hash) fixed, look no
> > further.
>
> [...]
>
> Great,
> thank you
On Friday 23 May 2003 15:32, Phillip Hofmeister wrote:
> Your policy/rules should[...]
Since you're discussing firewalls...
My setup currently is basically forbid everything coming in (except
ESTABLISHED, RELATED in iptables terms) and allow everything going out.
This is on my home network, mea