LinuxQuestions.org
03-18-2004, 01:23 PM, #1: saag (LQ Newbie; Registered: Mar 2004; Location: Thailand; Distribution: red 8; Posts: 15)

bindshell ... INFECTED


Could someone help on this please.

When checking syslogs I keep getting the binding error on 111. I'm running under portsentry -atcp and -sudp.

Checking `bindshell'... INFECTED (PORTS: 1524 31337) showed up after I ran chkrootkit. It sounds like a trojan to me, but I'm not sure...

What's it all about then? I'm a newbie and trying to find this one asap.

syslog shows up with ... adminalert: ERROR: could not bind TCP socket: 111. Attempting to continue.

I looked through the threads and it seems ps is not too popular with Linux gurus. What's new on the market and easy to configure for a wannabe Linux user like me?

This also pops its head up on startup...

warning: /var/spool/postfix/etc/resolv.conf and /etc/resolv.conf differ. I deleted it to match the pair, but it's back again.

I also store, but don't run, firestarter for fun. Should I KEEP or DELETE?

Just trying to get opinions on the firewalls... and would be very glad of a kind guru.

Thanks for any help.

Last edited by saag; 03-18-2004 at 03:56 PM.
 
03-18-2004, 05:44 PM, #2: Khabi (Member; Registered: Aug 2003; Location: Arizona; Distribution: Gentoo; Posts: 142)
Well, I don't use portsentry, but I have a basic understanding of it, and most of your problems seem to spawn from that. Quick portsentry info: Portsentry listens on certain ports, and when they are scanned (depends on how many you set up to trigger this) it'll block that host from everything on your computer. So when you ran chkrootkit, the reason it showed those "INFECTED PORTS" is because portsentry is listening on those.
That is most likely the problem with port 111 not binding; I'll bet if you look at the portsentry config you see that it's binding 111, and only one program can be bound to a port at a time.

Now on to the postfix resolv problem: it's nothing horribly bad. Postfix uses its own resolv.conf to do DNS stuff. I've never heard of anyone having a problem because /etc/resolv.conf and postfix's resolv.conf are mismatched, but I've also never really read up on that. Anyone else had any problems with that?

Firestarter is a great program. I would keep using it; it's just a frontend for iptables and will provide reasonably good protection. Overall I would say drop portsentry and just run Firestarter on its own.
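An added example, not from the thread, of how to confirm the explanation above before trusting a chkrootkit "INFECTED" verdict: ask the kernel which process owns each flagged port, and treat the verdict as a false positive only when the owner is the PortSentry decoy. It assumes iproute2 `ss -ltnp` output (a constructed sample stands in for a real run); on a box of that era you would feed it `netstat -ltnp` instead.

```shell
# Added example, not from the thread: triage a chkrootkit "bindshell" verdict by asking
# the kernel which process really owns each flagged port. If PortSentry's decoy listener
# owns it the INFECTED verdict is a false positive; anything else deserves a closer look.
# Assumes iproute2 `ss -ltnp` output (constructed below); older boxes: `netstat -ltnp`.

# Pull the port list out of a chkrootkit result line such as
#   Checking `bindshell'... INFECTED (PORTS: 1524 31337)
chkrootkit_ports() {
    printf '%s\n' "$1" | sed -n 's/.*(PORTS: *\([0-9 ]*\)).*/\1/p'
}

# Read `ss -ltnp` output on stdin and print the process name listening on port $1,
# or "none" if no LISTEN socket is bound to that port.
owner_of_port() {
    awk -v p="$1" '
        $1 == "LISTEN" {
            n = split($4, a, ":")              # port follows the last ":" of Local Address:Port
            if (a[n] == p) {
                found = 1
                if (match($0, /users:\(\("[^"]*"/))
                    print substr($0, RSTART + 9, RLENGTH - 10)   # process name between the quotes
                else print "unknown"           # ss -p only shows owners when run as root
            }
        }
        END { if (!found) print "none" }'
}

# Classify every port named in the chkrootkit line ($1) against ss output read from stdin.
triage_bindshell() {
    ss_out=$(cat)
    for port in $(chkrootkit_ports "$1"); do
        owner=$(printf '%s\n' "$ss_out" | owner_of_port "$port")
        case "$owner" in
            portsentry) echo "$port: $owner (PortSentry decoy, chkrootkit false positive)" ;;
            none)       echo "$port: nothing listening now" ;;
            *)          echo "$port: $owner (not a known decoy, inspect this process)" ;;
        esac
    done
}

# Constructed sample data standing in for a real `ss -ltnp` run on the poster's box.
SS_SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:1524       0.0.0.0:*         users:(("portsentry",pid=412,fd=5))
LISTEN 0      128    0.0.0.0:31337      0.0.0.0:*         users:(("portsentry",pid=412,fd=6))
LISTEN 0      128    0.0.0.0:111        0.0.0.0:*         users:(("portmap",pid=388,fd=4))'
CHK_LINE="Checking \`bindshell'... INFECTED (PORTS: 1524 31337)"

printf '%s\n' "$SS_SAMPLE" | triage_bindshell "$CHK_LINE"
# Same check explains the syslog error: port 111 is already held by portmap, so PortSentry cannot bind it.
printf '%s\n' "$SS_SAMPLE" | owner_of_port 111
```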
 
03-18-2004, 08:55 PM, #3: saag (LQ Newbie, Original Poster; Registered: Mar 2004; Location: Thailand; Distribution: red 8; Posts: 15)
Khabi,

Thanks for the quick response.

I spent all night banging, tweaking, reading, pushing, swearing and thumping the damn thing. Whatever I did, it's gone. I deleted this and that old programme, scripted a config and deleted Guarddog, and it shows clear on binding... Don't ask me, I don't know... It just is... Rebooted a few times and it's still clear. Anyway, happy now.

Just the postfix thing-ma-jig to sort now.

For interest, from a previous thread:
I spent hours mindstorming to get f-prot to run. Then a guru said use chkrootkit. Five mins to put in, bloody easy start command, runs through the whole system for virus problems. It's not easy when you know nothing, is it...

Maybe another thread after tomorrow, only Linux knows...!
 
03-19-2004, 01:20 AM, #4: unSpawn (Moderator; Registered: May 2001; Posts: 29,415; Blog Entries: 55)
Quote: "I spent hours mindstorming to get f-prot to run. then a guru said use chkrootkit."

F-Prot and Chkrootkit aren't similar products. Chkrootkit scans the local system for all sorts of malicious activity typical for *nixes, while F-Prot is an antivirus scanner. // While on the subject of AV, last time I tested F-Prot the detection results were way below what I find acceptable. NAI's uvscan isn't free but performs better than F-P; BitDefender is free for personal use and performs better than F-P and NAI.
 
03-19-2004, 09:40 AM, #5: saag (LQ Newbie, Original Poster; Registered: Mar 2004; Location: Thailand; Distribution: red 8; Posts: 15)
Thanks for the lesson, unSpawn.

Going to keep chkrootkit for when needed. Will now look at BitDefender upon your advice of FREE. Sounds like the type of performance scanner I have been searching for over the past few weeks. Not happy or fully secure in the head over the present virus scanner on my box. Again, thanks for the tip...

Many thanks for any further help given on the above issues.

Last edited by saag; 03-20-2004 at 02:17 PM.
 
  

