Csanyi Pal wrote:
Hello!
My system is Debian GNU/Linux Sarge, with kernel 2.6.8.
I get the e-mail from tiger.
Tiger automatic auditor at debian-csp citation:
--------------->
# Running chkrootkit (/usr/sbin/chkrootkit) to perform further
checks...
NEW: --WARN-- [rootkit004w] Chkrootkit has detected a possible rootkit
+installation
NEW: Warning: Possible LKM Trojan installed
---------------<
What can I do now to check whether the LKM Trojan is truly installed?
I appreciate any advice!
Hi
First off, google for it.
Is this a webserver? If so, look in /var/tmp and /tmp for binaries /
tar.gz files etc. (anything that looks out of the ordinary).
Generally the user and group of the file will be those of the webserver.
And if this machine is on the net 24/7, may I suggest that whatever plans
you had for the weekend, you cancel them and take that machine off the net.
Better start tightening your services up etc.
For Apache (don't forget to tighten the conf), use nikto to help scan/test
for vulnerabilities.
For ssh, maybe add a line in the conf file like AllowUsers for a start.
Oh, and check your logs.
Other than that best of luck.
HTH
Kind Regards
Brent Clark
P.S. It may help to mention what services you are running or what this machine
is used for.
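
Added example, not part of the original messages: a small shell helper for the /tmp and /var/tmp check suggested in the reply above. The function name scan_tmp is hypothetical, www-data is assumed to be the web server account (Debian's default for Apache), and the check goes slightly beyond the reply by identifying files from their magic bytes rather than their names and by also reporting anything with an execute bit.

```shell
#!/bin/sh
# Added example (not from the original thread). scan_tmp is a hypothetical helper.
# Lists regular files under the given directories that belong to OWNER and are
# ELF binaries, gzip archives (tar.gz included) or carry an execute bit.
# Content is identified by magic bytes, so a renamed file is still reported.
# Usage: scan_tmp OWNER DIR [DIR...]
#   e.g. scan_tmp www-data /tmp /var/tmp   (www-data: assumed web server account)
scan_tmp() {
    owner=$1
    shift
    find "$@" -xdev -type f -user "$owner" 2>/dev/null |
    while IFS= read -r f; do
        # First four bytes as lowercase hex, e.g. 7f454c46 for ELF.
        magic=$(od -An -tx1 -N4 "$f" 2>/dev/null | tr -d ' \n')
        case "$magic" in
            7f454c46) kind=ELF ;;
            1f8b*)    kind=GZIP ;;
            *)        if [ -x "$f" ]; then kind=EXEC; else continue; fi ;;
        esac
        printf '%s\t%s\n' "$kind" "$f"
    done
}
```

On a host where a kernel-level rootkit is suspected, files can be hidden from tools run on the live system, so an empty result is more trustworthy when the disk is mounted and scanned from known-good media.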