On Mon, Nov 11, 2002 at 10:23:03AM +1000, Peter Kiem wrote:
> On my nightly chkrootkit run over the weekend I noticed this on one of my
> servers:
> Checking `slapper'... Warning: Possible Slapper Worm installed
> 
> Yet subsequent checks turned up nothing.  It is a Red Hat 7.1 server
> running apache-1.3.22-5.7.1, mod_ssl-2.8.5-5 and openssl-0.9.6-13 which
> are the latest versions from Red Hat.
> 
> Is this something to be worried about?

Two suggestions.  First, go get a fresh copy of chkrootkit and build it.
Preferably on a different machine, if possible.

Secondly, _read_ the chkrootkit script and, in the section where it
looks for 'Slapper', see what they look for to tell you it might possibly
be installed.

Looking at my copy--version 0.37, I think it's the most current--it will
report a possible Slapper installation if:

        -There's something mucking about with port 2002
        -If any of the files /tmp/.bugtraq or /tmp/.bugtraq.c exist

> Also, why does it every now and then give me the message "warning, got bogus unix
> line"?

That's not part of chkrootkit.
-- 
        Dave Ihnat
        [EMAIL PROTECTED]
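
An added example, not part of the original mail and not chkrootkit's own code: a small triage helper that reports which of the two indicators listed above is present, so an intermittent warning can be traced to its cause. The function names, the Linux `netstat -an` column layout and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage on a live host: netstat -an | slapper_indicators /tmp

slapper_indicators() {
    tmpdir="${1:-/tmp}"

    # Indicator 1: the two files named in the mail.
    for f in .bugtraq .bugtraq.c; do
        if [ -e "$tmpdir/$f" ]; then
            echo "FILE $tmpdir/$f"
        fi
    done

    # Indicator 2: port 2002 in netstat -an lines read from stdin.
    # Assumed layout: $4 = local address, $5 = foreign address, $6 = state.
    # A plain text match on "2002" cannot tell these cases apart; this does.
    awk '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4; raddr = $5
            state = ($6 == "" ? "-" : $6)   # UDP lines carry no state
            if (laddr ~ /[:.]2002$/)
                print "LOCAL_PORT " $1 " " laddr " " state
            else if (raddr ~ /[:.]2002$/)
                print "REMOTE_PORT " $1 " " laddr " -> " raddr
        }
    '
}

# Constructed sample input (documentation addresses, not real hosts).
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:443        0.0.0.0:*          LISTEN
tcp        0      0 192.0.2.10:2002    198.51.100.7:25    TIME_WAIT
tcp        0      0 192.0.2.10:40112   198.51.100.9:2002  ESTABLISHED
udp        0      0 0.0.0.0:2002       0.0.0.0:*
EOF
}

# Demo run against the sample lines and the real /tmp.
sample_netstat | slapper_indicators /tmp
```

A `LOCAL_PORT` line in a transient state such as `TIME_WAIT` points to a short-lived connection that happened to use port 2002, which would explain a warning that does not repeat on the next run; a `FILE` line or a persistent listener is what warrants a closer look.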



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
