chkrootkit wted warning
Posted on July 1, 2005, 7:55 am
I noticed in chkrootkit's output the line
Checking `wted'... 8 deletion(s) between ...(shortened by me)
I checked wtmp and all other logs, apparently the system has
crashed at the time in question, so probably that's the reason
for the deletions. Just to be sure, I've been looking for any
suspicious activities that could indicate a compromise.
I checked for noisy network traffic.
I compared ps aux with /proc.
I booted from clean media and checked for suspicious files.
I installed check_ps and checked for hidden or fake processes.
So far, everything seems to be ok and since the system is not
connected to the LAN, I'm willing to leave it at that, but
probably somebody has additional ideas what to check.
For real email get public key 0xF6BB5695 from www.keyserver.net
NO to Software Patents - http://www.ffii.org
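
An added example, not part of the original post and not chkrootkit's own code: a sketch that walks a wtmp file and reports each run of records whose timestamp is zero, together with the timestamps on either side, so a gap can be lined up against the time of the crash. It assumes the 384-byte glibc Linux utmp record layout and that a zeroed timestamp marks a wiped record; the sample bytes are constructed.

```python
import struct
import sys
from datetime import datetime, timezone

# Assumption: glibc utmp record on Linux, 384 bytes, little-endian.
# type, pid, line, id, user, host, exit(2 shorts), session, tv_sec, tv_usec, addr_v6
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")

def parse(buf):
    """Yield (index, tv_sec, user, line) for every whole record in buf."""
    for i in range(len(buf) // UTMP.size):
        f = UTMP.unpack_from(buf, i * UTMP.size)
        yield (i, f[9], f[4].rstrip(b"\0").decode(errors="replace"),
               f[2].rstrip(b"\0").decode(errors="replace"))

def find_gaps(buf):
    """Return (count, first_index, ts_before, ts_after) per run of zeroed records."""
    gaps, run, start, last_ts = [], 0, None, None
    for i, ts, _user, _line in parse(buf):
        if ts == 0:
            if run == 0:
                start = i
            run += 1
            continue
        if run:
            gaps.append((run, start, last_ts, ts))
            run = 0
        last_ts = ts
    if run:  # file ends inside a zeroed run
        gaps.append((run, start, last_ts, None))
    return gaps

def trailing_bytes(buf):
    """Bytes left over after the last whole record (a truncated write)."""
    return len(buf) % UTMP.size

def make(ts, user, line):
    """Build one constructed USER_PROCESS (type 7) record for the sample."""
    return UTMP.pack(7, 1000, line, b"", user, b"", 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample: login, 8 zeroed records, login, then a truncated tail.
SAMPLE = (make(1120200000, b"alice", b"tty1") + bytes(UTMP.size) * 8
          + make(1120203600, b"alice", b"tty1") + b"\0" * 100)

def stamp(ts):
    return "n/a" if ts is None else datetime.fromtimestamp(ts, timezone.utc).isoformat()

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for count, first, before, after in find_gaps(data):
        print(f"{count} zeroed record(s) at index {first}: {stamp(before)} .. {stamp(after)}")
    print(f"trailing partial record: {trailing_bytes(data)} byte(s)")
```

Run it against a copy of the file taken while booted from clean media, e.g. `python3 wtmp_gaps.py /mnt/var/log/wtmp` (script name and mount point are placeholders).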