Old 06-17-2007, 12:45 PM   #1
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Rep: Reputation: 15
Urgent, possible hacker. Tried rkhunter


Hi. I have just done 'top' on my linux (RHEL) OS, and to my shock I can see a job running which I have not had before:

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15308 ****** 25 0 6456 2168 876 R 101 0.0 297:07.18 gam_server


I do not know what gam_server is? I did a ps -aut and found the following:

Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
****** 15308 3.4 0.0 6456 2168 ? R Jun11 308:18 /usr/libexec/gam_server

(The ****** in the above is my username which I have blocked out.)

Question: Have I been hacked? What should I do?

I have run rkhunter as root, and everything looks ok except the following:

Code:
Application advisories
* Application scan
   Checking Apache2 modules ...                               [ Not found ]
   Checking Apache configuration ...                          [ OK ]

* Application version scan
   - Exim MTA 4.43                                            [ Old or patched version ]
   - GnuPG 1.2.6                                              [ Old or patched version ]
   - Apache 2.0.52                                            [ OK ]
   - Bind DNS 9.2.4                                           [ OK ]
   - OpenSSL 0.9.7a                                           [ Old or patched version ]
   - PHP 4.3.9                                                [ Old or patched version ]
   - Procmail MTA 3.22                                        [ OK ]
   - OpenSSH 3.9p1                                            [ OK ]



Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...                               [ Found ]
   Checking users with UID '0' (root)...                      [ OK ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...                          [ Warning (SSH v1 allowed) ]

* Check: Events and Logging
   Search for syslog configuration...                         [ OK ]
   Checking for running syslog slave...                       [ OK ]
   Checking for logging to remote system...                   [ OK (no remote logging) ]

MD5 scan
Skipped

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 4

Thanks.

The Watcher

Last edited by unSpawn; 01-07-2010 at 12:11 PM. Reason: //Added code tag, removed unnecessary colour tag.
 
Old 06-17-2007, 01:19 PM   #2
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
It is part of this app. http://www.gnome.org/~veillard/gamin/
Several posts on the item here and on Google.

As far as the 4 vulnerabilities, most seem to be sshd related. If you are running the sshd service then you should fix those items as mentioned.
Add
PermitRootLogin no
Protocol 2

Not seeing the whole output of rkhunter my guess some files are preset with hidden . in certain directories.

Brian
 
Old 06-17-2007, 03:19 PM   #3
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Brian1
It is part of this app. http://www.gnome.org/~veillard/gamin/
Several posts on the item here and on Google.

As far as the 4 vulnerabilities, most seem to be sshd related. If you are running the sshd service then you should fix those items as mentioned.
Add
PermitRootLogin no
Protocol 2

Not seeing the whole output of rkhunter my guess some files are preset with hidden . in certain directories.

Brian

Thanks Brian.

At least it is relief that I am not being hacked. Bearing in mind that I am a novice with linux, can you advise me on the following:

(1) Where do I add "PermitRootLogin no" and "Protocol 2"? And how -- is it a simple vi trick?

(2) Why have I got gam_server running and why is it taking an entire CPU processor? (There is only 1 external host that I have access to directly via ssh. I have not connected to it for a couple of months.)

Here is my complete rkhunter output:

Code:
Rootkit Hunter 1.2.9 is running

Determining OS... Unknown
Warning: This operating system is not fully supported!
All MD5 checks will be skipped!


Checking binaries
* Selftests
     Strings (command)                                        [ OK ]


* System tools
     Skipped!


Check rootkits
* Default files and directories
   Rootkit '55808 Trojan - Variant A'...                      [ OK ]
   ADM Worm...                                                [ OK ]
   Rootkit 'AjaKit'...                                        [ OK ]
   Rootkit 'aPa Kit'...                                       [ OK ]
   Rootkit 'Apache Worm'...                                   [ OK ]
   Rootkit 'Ambient (ark) Rootkit'...                         [ OK ]
   Rootkit 'Balaur Rootkit'...                                [ OK ]
   Rootkit 'BeastKit'...                                      [ OK ]
   Rootkit 'beX2'...                                          [ OK ]
   Rootkit 'BOBKit'...                                        [ OK ]
   Rootkit 'CiNIK Worm (Slapper.B variant)'...                [ OK ]
   Rootkit 'Danny-Boy's Abuse Kit'...                         [ OK ]
   Rootkit 'Devil RootKit'...                                 [ OK ]
   Rootkit 'Dica'...                                          [ OK ]
   Rootkit 'Dreams Rootkit'...                                [ OK ]
   Rootkit 'Duarawkz'...                                      [ OK ]
   Rootkit 'Flea Linux Rootkit'...                            [ OK ]
   Rootkit 'FreeBSD Rootkit'...                               [ OK ]
   Rootkit 'Fuck`it Rootkit'...                               [ OK ]
   Rootkit 'GasKit'...                                        [ OK ]
   Rootkit 'Heroin LKM'...                                    [ OK ]
   Rootkit 'HjC Kit'...                                       [ OK ]
   Rootkit 'ignoKit'...                                       [ OK ]
   Rootkit 'ImperalsS-FBRK'...                                [ OK ]
   Rootkit 'Irix Rootkit'...                                  [ OK ]
   Rootkit 'Kitko'...                                         [ OK ]
   Rootkit 'Knark'...                                         [ OK ]
   Rootkit 'Li0n Worm'...                                     [ OK ]
   Rootkit 'Lockit / LJK2'...                                 [ OK ]
   Rootkit 'MRK'...                                           [ OK ]
   Rootkit 'Ni0 Rootkit'...                                   [ OK ]
   Rootkit 'RootKit for SunOS / NSDAP'...                     [ OK ]
   Rootkit 'Optic Kit (Tux)'...                               [ OK ]
   Rootkit 'Oz Rootkit'...                                    [ OK ]
   Rootkit 'Portacelo'...                                     [ OK ]
   Rootkit 'R3dstorm Toolkit'...                              [ OK ]
   Rootkit 'RH-Sharpe's rootkit'...                           [ OK ]
   Rootkit 'RSHA's rootkit'...                                [ OK ]
   Sebek LKM...                                               [ OK ]
   Rootkit 'Scalper Worm'...                                  [ OK ]
   Rootkit 'Shutdown'...                                      [ OK ]
   Rootkit 'SHV4'...                                          [ OK ]
   Rootkit 'SHV5'...                                          [ OK ]
   Rootkit 'Sin Rootkit'...                                   [ OK ]
   Rootkit 'Slapper'...                                       [ OK ]
   Rootkit 'Sneakin Rootkit'...                               [ OK ]
   Rootkit 'Suckit Rootkit'...                                [ OK ]
   Rootkit 'SunOS Rootkit'...                                 [ OK ]
   Rootkit 'Superkit'...                                      [ OK ]
   Rootkit 'TBD (Telnet BackDoor)'...                         [ OK ]
   Rootkit 'TeLeKiT'...                                       [ OK ]
   Rootkit 'T0rn Rootkit'...                                  [ OK ]
   Rootkit 'Trojanit Kit'...                                  [ OK ]
   Rootkit 'Tuxtendo'...                                      [ OK ]
   Rootkit 'URK'...                                           [ OK ]
   Rootkit 'VcKit'...                                         [ OK ]
   Rootkit 'Volc Rootkit'...                                  [ OK ]
   Rootkit 'X-Org SunOS Rootkit'...                           [ OK ]
   Rootkit 'zaRwT.KiT Rootkit'...                             [ OK ]

* Suspicious files and malware
   Scanning for known rootkit strings                         [ OK ]
   Scanning for known rootkit files                           [ OK ]
   Testing running processes...                               [ OK ]
   Miscellaneous Login backdoors                              [ OK ]
   Miscellaneous directories                                  [ OK ]
   Software related files                                     [ OK ]
   Sniffer logs                                               [ OK ]

* Trojan specific characteristics
   shv4
     Checking /etc/rc.d/rc.sysinit
       Test 1                                                 [ Clean ]
       Test 2                                                 [ Clean ]
       Test 3                                                 [ Clean ]
     Checking /etc/inetd.conf                                 [ Not found ]
     Checking /etc/xinetd.conf                                [ Clean ]

* Suspicious file properties
   chmod properties
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]
   Script replacements
     Checking /bin/ps                                         [ Clean ]
     Checking /bin/ls                                         [ Clean ]
     Checking /usr/bin/w                                      [ Clean ]
     Checking /usr/bin/who                                    [ Clean ]
     Checking /bin/netstat                                    [ Clean ]
     Checking /bin/login                                      [ Clean ]

* OS dependant tests

   Linux
     Checking loaded kernel modules...                        [ OK ]
     Checking file attributes                                 [ OK ]
     Checking LKM module path                                 [ OK ]


Networking
* Check: frequently used backdoors
  Port 2001: Scalper Rootkit                                  [ OK ]
  Port 2006: CB Rootkit                                       [ OK ]
  Port 2128: MRK                                              [ OK ]
  Port 14856: Optic Kit (Tux)                                 [ OK ]
  Port 47107: T0rn Rootkit                                    [ OK ]
  Port 60922: zaRwT.KiT                                       [ OK ]

* Interfaces
     Scanning for promiscuous interfaces...                   [ OK ]


System checks
* Allround tests
   Checking hostname... Found. Hostname is ******
   Checking for passwordless user accounts... OK
   Checking for differences in user accounts... OK. No changes.
   Checking for differences in user groups... OK. No changes.
   Checking boot.local/rc.local file...
     - /etc/rc.local                                          [ OK ]
     - /etc/rc.d/rc.local                                     [ OK ]
     - /usr/local/etc/rc.local                                [ Not found ]
     - /usr/local/etc/rc.d/rc.local                           [ Not found ]
     - /etc/conf.d/local.start                                [ Not found ]
     - /etc/init.d/boot.local                                 [ Not found ]
   Checking rc.d files...
     Processing........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ........................................
               ..................................
   Result rc.d files check                                    [ OK ]
   Checking history files
     Bourne Shell                                             [ OK ]

* Filesystem checks
   Checking /dev for suspicious files...                      [ OK ]
   Scanning for hidden files...                               [ OK ]

[Press <ENTER> to continue]



Application advisories
* Application scan
   Checking Apache2 modules ...                               [ Not found ]
   Checking Apache configuration ...                          [ OK ]

* Application version scan
   - Exim MTA 4.43                                            [ Old or patched version ]
   - GnuPG 1.2.6                                              [ Old or patched version ]
   - Apache 2.0.52                                            [ OK ]
   - Bind DNS 9.2.4                                           [ OK ]
   - OpenSSL 0.9.7a                                           [ Old or patched version ]
   - PHP 4.3.9                                                [ Old or patched version ]
   - Procmail MTA 3.22                                        [ OK ]
   - OpenSSH 3.9p1                                            [ OK ]



Security advisories
* Check: Groups and Accounts
   Searching for /etc/passwd...                               [ Found ]
   Checking users with UID '0' (root)...                      [ OK ]

* Check: SSH
   Searching for sshd_config...
   Found /etc/ssh/sshd_config
   Checking for allowed root login... Watch out Root login possible. Possible risk!
    info: No 'PermitRootLogin' entry found in file /etc/ssh/sshd_config
    Hint: See logfile for more information about this issue
   Checking for allowed protocols...                          [ Warning (SSH v1 allowed) ]

* Check: Events and Logging
   Search for syslog configuration...                         [ OK ]
   Checking for running syslog slave...                       [ OK ]
   Checking for logging to remote system...                   [ OK (no remote logging) ]

---------------------------- Scan results ----------------------------

MD5 scan
Skipped

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 4

Scanning took 74 seconds

Thanks.
The Watcher

Last edited by unSpawn; 01-07-2010 at 12:10 PM. Reason: //Added code tag, removed unnecessary colour tag.
 
Old 06-18-2007, 03:54 AM   #4
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Rep: Reputation: Disabled
from your output

Found /etc/ssh/sshd_config is the current ssh config file....
you do not need to use vi if you are not familiar with it

suggest you open this config file with your fav editor using root powers and edit as per Brian's suggestions

and there is no hash to be in front of those 2 configs pls.

2) having had a peek at that gamin site you are likely to have a
etc/gamin folder which you can delete etc

I suggest you do a grep or a search for gamin on your whole filesystem just to be sure.

3) You do not appear to be a regular user of ssh so consider turning it off in the /etc/ssh and /etc/init.d or /etc/rc area...depending on how it works on your distro as I do not use RH.

I would use the file manager to change permissions from rwx to r--
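
The "no hash in front" point above is the same thing rkhunter reported as "No 'PermitRootLogin' entry found": a commented-out line is not a setting. The shell check below is an added example, not part of any post in this thread; the function names and the two sample files are constructed for illustration, and it reads only the global section of the file with whitespace-separated `Keyword value` lines.

```shell
#!/bin/sh
# Added example, not from the thread. Reports the value sshd would actually
# use for the two settings discussed above.

# effective_value FILE KEYWORD
# Prints the value in effect, or nothing if the keyword appears only as a
# comment. Keywords are case-insensitive and the first uncommented
# occurrence wins, so a later duplicate line changes nothing.
effective_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/         { next }   # blank or commented out
        tolower($1) == "match"       { exit }   # global section only
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE
# Prints one line per check; exit status is the number of settings to fix.
audit_sshd() {
    fails=0
    root=$(effective_value "$1" PermitRootLogin)
    proto=$(effective_value "$1" Protocol)
    if [ "$root" = "no" ]; then
        echo "PermitRootLogin: OK (no)"
    else
        echo "PermitRootLogin: WARN (${root:-not set})"
        fails=$((fails + 1))
    fi
    if [ "$proto" = "2" ]; then
        echo "Protocol: OK (2)"
    else
        echo "Protocol: WARN (${proto:-not set})"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample files, not the poster's real configuration.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/before" <<'EOF'
# constructed sample: both keywords exist only as comments
#PermitRootLogin yes
#Protocol 2,1
Port 22
EOF

cat > "$tmp/after" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
Protocol 2
Port 22
EOF

echo "== before =="
audit_sshd "$tmp/before" || echo "-> $? setting(s) to fix"
echo "== after =="
audit_sshd "$tmp/after" && echo "-> nothing to fix"
```

Run `audit_sshd /etc/ssh/sshd_config` as root against the real file. sshd reads the file at startup, so an edit takes effect only after the service is restarted.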
 
Old 06-18-2007, 11:31 AM   #5
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by aus9
from your output

2) having had a peek at that gamin site you are likely to have a
etc/gamin folder which you can delete etc

I suggest you do a grep or a search for gamin on your whole filesystem just to be sure.

3) You do not appear to be a regular user of ssh so consider turning it off in the /etc/ssh and /etc/init.d or /etc/rc area...depending on how it works on your distro as I do not use RH.

I would use the file manager to change permissions from rwx to r--

Thanks, I have altered the /etc/ssh/sshd_config file accordingly, and that is all ok now. I have restarted my workstation and the gamin_server has disappeared from the 'top' list.

I cannot find /etc/gamin; or gamin anywhere. I did 'find / -name gamin' as root and got nothing?

How do I turn off ssh? What do I do when I actually do want to use ssh?

Can you tell me what file I should change permission of to r-- ?

My /etc/ssh has the following entries:

moduli
ssh_config
ssh_host_dsa_key
ssh_host_dsa_key.pub
ssh_host_key
ssh_host_key.pub
ssh_host_rsa_key
ssh_host_rsa_key.pub
sshd_config


and my /etc/init.d has the following:

Code:
FreeWnn
NetworkManager
acpid
amd
anacron
arpwatch
atd
auditd
autofs
bgpd
bluetooth
bootparamd
canna
cpuspeed
crond
cups
cups-config-daemon
cyrus-imapd
dc_client
dc_server
dhcp6r
dhcp6s
dhcpd
dhcrelay
diskdump
dovecot
dund
exim
firstboot
functions
gpm
haldaemon
halt
hidd
hpoj
httpd
iiim
ip6tables
irda
irqbalance
iscsi
isdn
kadmin
keytable
killall
kprop
krb524
krb5kdc
kudzu
ldap
lisa
lm_sensors
lvm2-monitor
mailman
mdmonitor
mdmpd
messagebus
microcode_ctl
multipathd
mysqld
named
netdump
netdump-server
netfs
netplugd
network
nfs
nfslock
nscd
ntpd
nvconfig
openibd
ospf6d
ospfd
pand
pcmcia
portmap
postfix
postgresql
psacct
rawdevices
rdisc
readahead
readahead_early
rhnsd
ripd
ripngd
rpcgssd
rpcidmapd
rpcsvcgssd
rstatd
rusersd
rwhod
saslauthd
sendmail
single
smartd
smb
snmpd
snmptrapd
spamassassin
squid
sshd
syslog
sysstat
tog-pegasus
tux
vncserver
winbind
xfs
xinetd
ypbind
zebra

Thanks again.

The Watcher

Last edited by unSpawn; 01-07-2010 at 12:12 PM. Reason: //Added code tag, removed unnecessary colour tag.
 
Old 06-18-2007, 04:34 PM   #6
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
To see if sshd is running run this command.
/sbin/service --status-all | grep ssh

If running then issue this command. Even if it is not run this one and the next one.
/sbin/service sshd stop

To stop it from starting on reboot of the machine.
/sbin/chkconfig --level 345 sshd off

Brian
 
Old 06-18-2007, 05:30 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I have restarted my workstation and the gamin_server has disappeared from the 'top' list.
I cannot find /etc/gamin; or gamin anywhere. I did 'find / -name gamin' as root and got nothing?

Next time you should use lsof on the PID. Lsof will show what files it's got open, so if it's not installed using the package manager it's easier to find traces of. Since you use RH*L tho you could "rpm -q --whatprovides /usr/libexec/gam_server" to see if it's part of an installed package. If it's not then you should search with "find / -iname \*gamin\*".

* To deny rogue processes use something like SELinux or GRSecurity. In this case, with GRSecurity this is "easier" to "fix" since you can simply deny users from starting applications outside the set $PATH using a sysctl control.
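
The check described in the post above (find the binary behind a PID, then ask rpm whether a package owns it) can be scripted as below. This is an added example, not code from the thread: the function names are made up, `rpm -qf` and `rpm -Vf` are used in place of `--whatprovides`, and a Linux `/proc` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Without rpm on the host the package
# checks are skipped and only the binary path is reported.

# exe_of PID -> path of the binary the kernel says the process is running
exe_of() { readlink "/proc/$1/exe" 2>/dev/null || true; }

# owner_of FILE -> owning package, "unowned", or "unknown" when rpm is absent
owner_of() {
    command -v rpm >/dev/null 2>&1 || { echo "unknown"; return 0; }
    pkg=$(rpm -qf "$1" 2>/dev/null) && echo "$pkg" || echo "unowned"
}

# triage PID
# Status: 0 nothing odd found (or rpm unavailable), 1 process not readable,
# 2 needs a closer look.
triage() {
    exe=$(exe_of "$1")
    [ -n "$exe" ] || { echo "pid $1: cannot read /proc/$1/exe"; return 1; }
    echo "pid $1 is running $exe"
    case $exe in
        *" (deleted)")
            # Also seen after a package update while the old process runs on.
            echo "  file on disk was removed or replaced since the process started"
            return 2 ;;
    esac
    owner=$(owner_of "$exe")
    echo "  package: $owner"
    case $owner in
        unknown) return 0 ;;
        unowned)
            echo "  not from any package; list its open files with: lsof -p $1"
            return 2 ;;
    esac
    # rpm -V is silent for files that still match the package database.
    changed=$(rpm -Vf "$exe" 2>/dev/null | grep -F " $exe" || true)
    if [ -n "$changed" ]; then
        echo "  differs from the packaged copy: $changed"
        return 2
    fi
    echo "  matches the packaged copy"
}

# Demo on this shell's own PID; in the first post the PID was 15308.
triage "$$" || echo "-> look closer (status $?)"
```

`rpm -V` compares files against the local rpm database, so on a host that may already be compromised it is a sanity check rather than proof.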
 
Old 06-19-2007, 09:36 AM   #8
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Brian1
To see if sshd is running run this command.
/sbin/service --status-all | grep ssh

If running then issue this command. Even if it is not run this one and the next one.
/sbin/service sshd stop

To stop it from starting on reboot of the machine.
/sbin/chkconfig --level 345 sshd off

Brian

And if I want to use ssh myself later on, I presume I do
/sbin/service sshd on

or something similar?

Can I put this into a start file like /etc/init.d ? And then override it whenever I want to use ssh ?

Thanks.
The Watcher
 
Old 06-19-2007, 10:53 AM   #9
RedHatCat
Member
 
Registered: Jun 2005
Location: London, Uk
Distribution: RH-ES 3/4, FC 5/6
Posts: 51

Rep: Reputation: 15
/sbin/service sshd start I think, will start it manually when you need it.

I use ntsysv command to manage services in RH, simply scroll down the list and hit space to select/deselect services to run in your current runlevel, then reboot - or perhaps re-init your runlevel. Seems to work ok for me, I also turn off cups/pcmcia/isdn/sendmail and all the other junk I don't use, takes about 5 seconds.

Last edited by RedHatCat; 06-19-2007 at 10:55 AM.
 
Old 06-19-2007, 03:34 PM   #10
Brian1
LQ Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 65
Yes to start from a command line use either of the following. First is a Redhat type command.
/sbin/service sshd start
/etc/init.d/sshd start

Brian
 
Old 06-26-2007, 04:05 AM   #11
aus9
LQ 5k Club
 
Registered: Oct 2003
Location: Western Australia
Distribution: Icewm
Posts: 5,842

Rep: Reputation: Disabled
the Watcher

Do you have the updates icon in your system tray of the panel?

if so, right hand click it...for a rh person...and disable it from starting and quit it.....then reboot and to test and recheck your kinfo memory as I am just testing mdv 2007.1 (cooker with updates heh heh) and it had a huge memory leak and a google at LXF forum suggests it's the update icon.

of course you now do manual checking but that is no worries for me.

FYI

I am now getting on a 1G ram system
app 13%
cache 14%
free ram 73%

while b4 I went down to free 15 Megs but it bottomed out and did not do a ms BSOD


good luck

Last edited by aus9; 06-26-2007 at 04:06 AM.
 
Old 06-26-2007, 09:05 PM   #12
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15

Quote:
Originally Posted by aus9
the Watcher

Do you have the updates icon in your system tray of the panel?

if so, right hand click it...for a rh person...and disable it from starting and quit it.....then reboot and to test and recheck your kinfo memory as I am just testing mdv 2007.1 (cooker with updates heh heh) and it had a huge memory leak and a google at LXF forum suggests it's the update icon.

of course you now do manual checking but that is no worries for me.

FYI

I am now getting on a 1G ram system
app 13%
cache 14%
free ram 73%

while b4 I went down to free 15 Megs but it bottomed out and did not do a ms BSOD


good luck


O No! After all that, the gam_server has appeared again. Here is what I see when I do 'top' --

18721 [******] 25 0 6188 1988 876 R 98 0.0 43:28.16 gam_server


I have turned off sshd as before, to no effect.

Can I not simply kill it by "kill -9 18721" ?

The Watcher
 
Old 06-26-2007, 09:13 PM   #13
The_Watcher
Member
 
Registered: Mar 2007
Location: London
Posts: 40

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by The_Watcher
O No! After all that, the gam_server has appeared again. Here is what I see when I do 'top' --

18721 [******] 25 0 6188 1988 876 R 98 0.0 43:28.16 gam_server


I have turned off sshd as before, to no effect.

Can I not simply kill it by "kill -9 18721" ?

The Watcher

By the way:
  • What does gam_server or gamin actually do?
  • I have found the package where gamin is installed by doing
    "rpm -q --whatprovides /usr/libexec/gam_server". And what I get is:

    gamin-0.1.7-1.2.EL4
    gamin-0.1.7-1.2.EL4


Do I need gamin? can I remove it if it is not important? If so, how do I uninstall it?

Thanks.

The Watcher
 
Old 06-26-2007, 10:20 PM   #14
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Gamin is a file monitoring service. It is a defensive service that monitors your system in the background, looking for system files that have been modified. You might not want to uninstall its goodness!

Code:
Name : gamin 
  Version : 0.1.7   Vendor : Red Hat, Inc_ 
  Release : 8.fc6   Date : 2006-11-20 12:03:41 
  Group : Development/Libraries   Source RPM :  gamin-0.1.7-8.fc6.src.rpm 
  Size : 396356 
  Packager : Red Hat, Inc_ < http://bugzilla_redhat_com/bugzilla> 
  Summary : Library providing the FAM File Alteration Monitor API 
  Description : 
 This C library provides an API and ABI compatible file alteration
monitor mechanism compatible with FAM but not dependent on a system wide
daemon.
 
Old 06-26-2007, 10:31 PM   #15
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
Your system has definitely been copped by malicious computer coppers.

Copping is running rampant these days.
 
  

