Good afternoon,
On 07/23/2015 02:56 PM, William wrote:
Hi all,
While doing my routine patches and scans, "chkrootkit reported the
following:
(*** snip ***)
Checking `asp'... not infected
Checking `bindshell'... warning, got bogus l2cap line.
warning, got bogus l2cap line.
(*** snip ***)
warning, got bogus l2cap line.
INFECTED (PORTS: 3133)
Checking `lkm'... chkproc: nothing detected
(*** snip ***)
I ran "rkhunter" immediately after the "chkrootkit" run finished, and
it reported no problems. How do I determine if this is a false alarm
or a real problem? If this is a real problem, what should I do about
it? Also, as I'm neither a security expert nor a sysadmin, what is
port 3133 used for?
thanks,
Bill.
I realized a lot later that I also should have mentioned that the
"chkrootkit" run was shortly after doing "yum update", "prelink -a", and
rebooting. I don't know if that's significant.
> By examining the chkrootkit program -- it's a large shell script with
> a few helper tools -- to understand what it does to perform a check.
??? I looked at that long sh script. It didn't help. I don't see how
knowing that chkrootkit uses "netstat" to check a port tells me whether
or not I have a real problem. I don't understand what it means that a
port is infected. I am a home user stuck doing his own sysadmin and
security with no training or experience in these things.
Do I have a security problem? If yes, how do I fix it?
> At http://bugz.fedoraproject.org/chkrootkit somebody has looked into
> the l2cap warning before.
Thank-you.
thanks,
Bill.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
