Hello,

On Sun, 04 Jan 2009 17:47:35 +0100 gavin miles <[email protected]> wrote:
>I installed rkhunter

I hope it's version 1.3.4?

>r...@shiggler-laptop:/tmp# ls -la
>total 51
>drwxrwxrwt 9 root root 28672 2009-01-04 11:32 .
>drwxr-xr-x 21 root root 1024 2008-05-15 22:07 ..
>(..)
>drwxrwxrwt 2 root root 1024 2009-01-04 11:12 .X11-unix
>(..)
>Is this the Sneakin' Rootkit and how do I verify that?

There's actually one directory name that consists of three dots in "/tmp/.X11-unix/.../rk". If it's there and not hidden you should be able to cd into "/tmp/.X11-unix/.../".

>Some other strange things have been occurring on my system

"Strange things" do not automagically a breach of security make. Most often the unexplained can be divined by looking at the omens (er, I mean read logs, check manual pages, search for clues), using other tools for a second opinion and your distribution's package management for verification.

>and rkhunter pointed out that I had some
>strange symbolic links in the /etc/alternatives directory (and a
>couple elsewhere) of things I didn't create.

You could check your distribution's documentation. I'm sure you'll find something about the function of /etc/alternatives. If that's not it then please post the relevant lines from your rkhunter.log.

>Also, there is a program on my system called orbd that is making
>weird connections on my system as well. I'm not sure if you have
>that on your computer but we'll get to that after.

Without details I vote "object request broker daemon".

Regards, unSpawn
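The two checks suggested in the reply above, written out as an added shell example (not part of the original message and not rkhunter code): it lists directories whose name is nothing but three or more dots, and prints where each symlink in an alternatives directory really points so the targets can be handed to the package manager. The function names `find_dot_dirs` and `list_alt_targets` are hypothetical, and `readlink -f` is assumed to be available (GNU coreutils or busybox).

```shell
#!/bin/sh
# Added example; function names are hypothetical, all operations are read-only.

# Print directories below $1 whose name is three or more dots and nothing
# else. "." and ".." are normal entries; "..." blends in with them in
# "ls -la" output, which is why it is worth searching for explicitly.
find_dot_dirs() {
    find "$1" -xdev -type d -name '...*' 2>/dev/null |
    while IFS= read -r d; do
        base=${d##*/}
        # Delete every dot; an empty remainder means a dots-only name.
        if [ -z "$(printf '%s' "$base" | tr -d '.')" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Print "link -> resolved target" for every symlink directly inside $1 and
# mark links whose target does not exist. Symlinks here are expected: the
# alternatives system is built from them. Resolved targets can then be
# checked against the package database (dpkg -S FILE on Debian-style
# systems, rpm -qf FILE on RPM-based ones).
list_alt_targets() {
    for l in "$1"/*; do
        [ -L "$l" ] || continue
        if [ -e "$l" ]; then
            printf '%s -> %s\n' "$l" "$(readlink -f "$l")"
        else
            printf '%s -> DANGLING (%s)\n' "$l" "$(readlink "$l")"
        fi
    done
}

# Paths taken from the thread above.
find_dot_dirs /tmp/.X11-unix
list_alt_targets /etc/alternatives
```

No output from the first call means no dots-only directory exists under /tmp/.X11-unix that the running kernel is willing to show; it says nothing about entries hidden by a kernel-level rootkit.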
