dpkg -l result:
ii kernel-image-2 2.4.27-10sarge Linux kernel image
for version 2.4.27 n 386
ii kernel-package 8.135 A utility for building Linux kernel related
ii kernel-patch-v 1.9.5.5 context switching virtual private servers -
ii kernel-source- 2.4.27-10sarge Linux kernel source
for version 2.4.27 with
My procedure:
apt-get install kernel-package kernel-source-2.4.27 kernel-patch-vserver
ncurses-dev libdb3-dev initrd-tools
..
..
..
gunzip -c
/usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff.gz
> /usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff
patch -p1 <
/usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff
I run chkrootkit inside the guest (virtual server)
Please send me result you test,
Best,
Ugo Rebaudo.
Herbert Poetzl wrote:
On Mon, Apr 03, 2006 at 05:24:02PM +0200, Ugo Rebaudo wrote:
Incredible!!!
with all the new vserver created I have this problem:
chkrootkit result
Possible LKM Trojan installed found!!!
I have try to change many sources of mirror
without to resolve the problem....
help me!
interesting ... what patch version is that?
when I find a few minutes, I will check if that
is 'normal' for the chkrootkit on a vserver
patched kernel, but it sounds suspicious
do you run it inside the guest or on the host?
best,
Herbert
reby.
Result of chkrootkit version 0.44:
...
...
Checking `lkm'... SIGINVISIBLE Adore found
Warning: Possible LKM Trojan installed
...
...
My configuration:
linux:/# vserver-info
Versions:
Kernel: 2.4.27
VS-API: 0x00010004
util-vserver: 0.30.204; Dec 20 2005, 16:58:50
Features:
CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13)
CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13)
CPPFLAGS: ''
CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W'
CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W
-fmessage-length=0'
build/host: i386-pc-linux-gnu/i386-pc-linux-gnu
Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: fast
vserver(2) syscall#: 273/glibc
Paths:
prefix: /usr
sysconf-Directory: /etc
cfg-Directory: /etc/vservers
initrd-Directory: $(sysconfdir)/init.d
pkgstate-Directory: /var/run/vservers
Kernelheaders: /usr/include
vserver-Rootdir: /var/lib/vservers
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
