On 2007-05-15 08:48:44 -0700, Andrew Sackville-West wrote: > If you're already compromised, chkrootkit won't do you any good as it > could be compromised too.
Perhaps reboot the machine in single user (in case a rootkit is run from the init files), check the ctime of chkrootkit, and if it is OK, this means that it hasn't been compromised. > I recommend you take the machine offline and monitor it for more > similar activity. If the activity occurs while offline, its probably > your doing, at not someone else's. If some daemon has been installed, there could be some activity... -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
