syslogd problem

Author: Daniel McAferty
Date:  
Subject: syslogd problem
I'm starting to get really nervous now.
I downloaded the chkrootkit program you suggested earlier,
and it looks like I may have some problems with infected
files and "possible rootkits" installed.

When I ran "chkrootkit -q" I got the following:
Checking `ifconfig'... INFECTED
Checking `login'... INFECTED
Checking `pstree'... INFECTED
/etc/ld.so.hash
Possible t0rn v8 \(or variation\) rootkit installed

/usr/lib/perl5/5.8.0/i386-linux-thread-multi/.packlist
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/NKF/.packlist
/usr/lib/qt-3.0.5/etc/settings/.qtrc.lock
/usr/lib/openoffice/share/gnome/net/.directory
/usr/lib/openoffice/share/gnome/net/.order
/usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.directory
/usr/lib/openoffice/share/kde/net/applnk/OpenOffice.org/.order

Warning: Possible Showtee Rootkit installed
 /usr/include/file.h /usr/include/proc.h
Possible ShKit rootkit installed
You have     2 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PF_PACKET(/usr/sbin/arpwatch)



----------------- end of chkrootkit results-----------
Now what do I do to fix or verify?

This could explain another problem I have been having with
telnet. (Can't get a login prompt)

Dan


> -----Original Message-----
> From:
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Craig
> White
> Sent: Friday, January 02, 2004 11:18 AM
> To:
> Subject: RE: syslogd problem
>
>
> On Fri, 2004-01-02 at 10:36, Daniel McAferty wrote:
> > Thanks for the response and your interest.
> > The /var partition is at 37% usage now. So I'm OK there for now.
> >
> > When you say "rooted". Is that another word for being cracked?
> ---
> I was thinking 'rooted' as in cracked not as in Sinck's immortal t-shirt
> slogan.
>
> Craig
>
>
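
Added example, not part of the original message or of chkrootkit: a small triage script that groups the `chkrootkit -q` lines quoted above by kind, so the report can be read as a checklist. The sample text is copied from the message with the path list shortened; the function names and patterns are assumptions that cover only the line shapes seen here.

```python
import re

# Lines copied from the message above (path list shortened).
SAMPLE = r"""Checking `ifconfig'... INFECTED
Checking `login'... INFECTED
Checking `pstree'... INFECTED
/etc/ld.so.hash
Possible t0rn v8 \(or variation\) rootkit installed
/usr/lib/qt-3.0.5/etc/settings/.qtrc.lock
Warning: Possible Showtee Rootkit installed
 /usr/include/file.h /usr/include/proc.h
Possible ShKit rootkit installed
You have     2 process hidden for ps command
Warning: Possible LKM Trojan installed
eth0: PF_PACKET(/usr/sbin/arpwatch)
"""

# (category, pattern): assumed patterns, matched in order, first hit wins.
RULES = [
    ("infected_binary", re.compile(r"^Checking `([^']+)'\.\.\. INFECTED")),
    ("rootkit_signature",
     re.compile(r"^(?:Warning: )?Possible (.+?) (?:[Rr]ootkit|Trojan) installed")),
    ("hidden_processes", re.compile(r"^You have\s+(\d+) process hidden")),
    ("packet_socket", re.compile(r"^(\w+): PF_PACKET\((.+)\)")),
]

def triage(text):
    """Group report lines by category; unmatched lines contribute their paths."""
    findings = {name: [] for name, _ in RULES}
    findings["paths"] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, rx in RULES:
            m = rx.match(line)
            if m:
                # Drop the backslashes chkrootkit prints around parentheses.
                findings[name].append(" ".join(m.groups()).replace("\\", ""))
                break
        else:
            findings["paths"].extend(t for t in line.split() if t.startswith("/"))
    return findings

def host_tools_trustworthy(findings):
    """False when the report flags system binaries or processes hidden from ps:
    results from tools on that host then need checking from known-good media."""
    return not (findings["infected_binary"] or findings["hidden_processes"])

if __name__ == "__main__":
    for category, items in triage(SAMPLE).items():
        print(f"{category}: {items}")
```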