[Cialug] rootkit bug?

admin cialug@cialug.org
Thu, 10 Mar 2005 17:07:55 -0600


Don't feel bad, I was running Red Hat 7.1.


-----Original Message-----
From: timwilson011@mchsi.com
To: cialug@cialug.org
Date: Thu, 10 Mar 2005 22:57:46 +0000
Subject: Re: [Cialug] rootkit bug?

> Yeah, yeah, I know, I need to upgrade.  RH 7.2 is old, but it works!
> 
> On the plus side, once I changed the ps command back to "ps auxw", it
> found no problems.  Maybe RH 7.2 is too old for script kiddies to pay
> attention to. :-)
> 
> --
> Tim W.
> 
> 
> > timwilson011@mchsi.com wrote:
> > > I think there might be a problem in chkrootkit.  When it checks lkm, I get:
> > > ps: error: Thread display not implemented.
> > > 
> > > And then I get the syntax screen for ps.  I also noticed in the log posted
> > > later in this thread, it looks like lkm was skipped.  It says: "Checking `lkm'...
> > > Checking `rexedcs'... not found".  Notice there isn't a result for lkm before
> > > it starts checking rexedcs.
> > > 
> > > Looking at chkproc.c, it uses "ps mauxw", whereas chkrootkit 0.44 used "ps
> > > auxw".  Evidently procps-2.0.7-11 can't handle thread display.
> > > 
> > > --
> > > Tim W.
> > 
> > Tim... UPGRADE! :p
> > 
> > Tested it on my "old" Mandrake 9.2 system, seems to work just fine.  It
> > has procps-3.1.11-2mdk.
> > 
> > ...
> > Checking `lkm'... chkproc: nothing detected
> > Checking `rexedcs'... not found
> > ...
> > 
> > -dc
> > 
> > _______________________________________________
> > Cialug mailing list
> > Cialug@cialug.org
> > http://cialug.org/mailman/listinfo/cialug


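The thread above shows a chkrootkit test (`lkm`) that printed no result because `ps` failed, which is easy to miss in a long log. The following is an added example, not part of the original messages and not chkrootkit code: a shell function that flags any test with no result before the next one starts. It assumes the log holds chkrootkit's stdout only; the function names are hypothetical, and the sample lines are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not chkrootkit code. Function names are hypothetical.
# Reads a chkrootkit stdout log on stdin and prints each test name that
# is followed by the next "Checking" marker (or end of log) with no result.
find_skipped_checks() {
    awk '
    {
        line = $0
        # One line can hold several markers when a test printed nothing.
        while ((i = index(line, "Checking `")) > 0) {
            # Text other than dots and blanks before the marker is a result.
            if (substr(line, 1, i - 1) ~ /[^ \t.]/) pending = ""
            if (pending != "") print pending
            line = substr(line, i + 10)          # skip past the backtick
            q = index(line, "\047")              # closing apostrophe
            if (q == 0) { pending = ""; break }
            pending = substr(line, 1, q - 1)
            line = substr(line, q + 1)
        }
        # Remaining text on the line is the result of the last test seen.
        if (line ~ /[^ \t.]/) pending = ""
    }
    END { if (pending != "") print pending }
    '
}

# Log line as quoted in the thread for the old procps system.
sample_old_procps_log() {
    cat <<'EOF'
Checking `lkm'... Checking `rexedcs'... not found
EOF
}

# Log lines as quoted in the thread for the newer procps system.
sample_new_procps_log() {
    cat <<'EOF'
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
EOF
}

echo "old procps, tests without a result: $(sample_old_procps_log | find_skipped_checks)"
echo "new procps, tests without a result: $(sample_new_procps_log | find_skipped_checks)"
```

A test named in the output was never actually evaluated, so a clean-looking run should not be read as a clean result for it.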