I followed a link and when it got to the page, my browser closed down (Opera 9.0).
Did you run as root or as unprivileged user?
Can you repeat the steps and still have Opera crash?
If it did, submit this as a possible bug to the Opera team.
I opened it back up but it was running slower than usual.
Did you check process (ps -ax), network connection (netstat -an) and user (w, last, lastb) listings?
If the box wasn't rebooted since noticing lastlog deletion run those commands now anyway.
I thought that was odd, since everything else seemed to be normal, and I got suspicious and ran chkrootkit.
Can you post the full output? Can you run "debsums -als 2>&1 | tee /tmp/debsums.log" to verify package contents are OK too?
the out put seemed normal except for the last line, which said: Checking `z2'... user root deleted or never logged from lastlog!
Did you ever log in as root? When was the last time you did that? Can you correlate this with entries from running "last" and syslog messages? What services do you provide (accessable from outside your box)? Are there any other users that are allowed access? Any other "weird" things happening earlier on you fixed or are worth mentioning?
I have never seen this message before when running a rootkit check, so thought it odd.
Sofar unclear: could be a sign but could also be a glitch. Still it's best to be prepared. Try and read these two docs for starters:
Intruder Detection Checklist (CERT):
http://www.cert.org/tech_tips/intrud...checklist.html Steps for Recovering from a UNIX or NT System Compromise (CERT):
http://www.cert.org/tech_tips/root_compromise.html LQ FAQ: Security references:
http://www.linuxquestions.org/questi...threadid=45261