Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
could please anybody help me to find out to be sure if it is problem
or if it is just epmd application on local machine just using this port
and is not exploited by some rootkit ?
any more investigation possibilites and how ?
Seems like 4369 is a long-standing known issue. It is quite normal with a program like chkrootkit to find one or two false positives, and the first thing to do is to fire up your favourite search engine and check it out, rather than panicking immediately (panicking can wait 'till a little later).
Thank you folks for the answers.
I have read about the long-standing issue for port 4369, so no I am not panicking at all :-)
I am as well aware of add bindshell port to whitelist.
But my question was how to investigate to be sure that it is like that ?
I am interested in investigation process - how to go more deeply in it.
(simplfied Example: I am not specialist in linux but in windows I have been playing with source code of rootkit capable of exploited all running processes in memory.
rootkit has been using another application/s which had allowed access through the port to internet and sending packets outside the OS to another URL. So, firewall did not detect anything. Only more deep analyze of process/ess resulted to it was a rootkit. I do not want to describe it more deeply because it was on windows.) I would like to know how to do deeper analyzing in linux.
I hope it is more clear now.
The thing about rootkits is that you have to burrow extremely deeply into the system in order to "plant" one.
Quite frankly, for any exploit to be successful in a reasonably-recently patched system, you have to leave a rather large door or window open somewhere. Unfortunately for most Windows users, Microsoft helpfully does this chore for them ... collecting very lucrative profits from its de facto subsidiary companies for so doing.