DISCUSSION: Finding Rootkits, Infections, and Files
This thread is to discuss the article titled: Finding Rootkits, Infections, and Files
The offer for discussion seems interesting to me, as I support a few servers in my town - all of them using Debian.
One of those machines is set up with Knoppix 3.2, from which I removed a lot of stuff that was not needed. A few months later I ran chkrootkit on it, and it says there is probably an LKM attack, as 4 processes are hidden from the ps command. And really, when I ps -A I don't see process numbers:

1 ? 00:00:10 init
2 ? 00:00:00 keventd
0 ? 00:00:00 ksoftirqd_CPU0
0 ? 00:00:00 kswapd
0 ? 00:00:00 bdflush
0 ? 00:00:01 kupdated

I read about this, that it should be a problem with multithreading on Debian in some cases, but honestly I haven't had this problem on other Debian systems. I suppose it has something to do with Knoppix, but I don't have a machine like this. After I spent hours checking logs and so on, I concluded that there isn't anything wrong.
What is your opinion? Are you aware of security issues with Knoppix?
Thanks

from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=222179
Quote:
--jeremy

thanks jeremy
I see, but I am using the 2.4.22-xfs kernel on this machine that comes with Knoppix

Even though I think this is somewhat OT, 0.44-beta is just around the corner.
If all is well it will feature an improved threading-aware chkproc.