Displaying 20 results from an estimated 140 matches for "rootkitted".
2006 Feb 18
0
Does your rkhunter do an md5 check?
I rebuilt rkhunter-1.2.8-1.noarch.rpm by using the spec and tgz from
the rkhunter site (www.rootkit.nl). (I rebuilt it using his
instructions.) However rkhunter does not do an md5 check. The box
used to have fedora and each time there were updates it would
complain that the some of the md5's don't match. I contacted the
author using his contact feature on Wednesday but he hasn't
2010 Sep 30
6
ClamAV thinks Wine contains a rootkit?
Anyone wanna explain why ClamAV thinks Wine has a rootkit in it?
It finds "mountmgr.sys" and "usbd.sys" as "BC.Heuristics.Rootkit.B"
This is not altered Wine.. or even used... but it happens just pure straight up compile from source Wine even if its never been ran.... its finding them in the fakedlls folder.
I have not tried on Linux, only on Mac OS X, using the
2008 Jan 13
3
Anti-Rootkit app
Hi all,
I need to install an anti-rootkid in a lot of servers. I know that
there're several options: tripwire, aide, chkrootkit...
?What do you prefer?
Obviously, I have to define my needs:
- easy setup and configuration
- actively developed
--
Thanks,
Jordi Espasa Clofent
2005 May 12
1
Do I have an infected init file?
Hello;
I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected.
It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2018 Jun 19
0
Design Decision for KVM based anti rootkit
On 19 June 2018 at 19:37, David Vrabel <david.vrabel at nutanix.com> wrote:
> It's not clear how this increases security. What threats is this
> protecting again?
It won't completely protect prevent rootkits, because still rootkits
can edit dynamic kernel data structures, but it will limit what
rootkits damage to only dynamic data.
This way system calls can't be changed, or
2006 Nov 03
1
Enc: FreeBSD and the new virtual machine-based rootkits
----- Mensagem encaminhada ----
De: Ricardo A. Reis <ricardo_bsd@yahoo.com.br>
Para: security@freebsd.org
Enviadas: Sexta-feira, 3 de Novembro de 2006 10:54:14
Assunto: FreeBSD and the new virtual machine-based rootkits
Hi All,
Recently i participated in Brazil on October 2006 The FIRST/TRANSITS and
II Latin American Incident Response Conference (COLARIS).
In the II COLARIS - Joanna
2013 Feb 21
3
SSHD rootkit in the wild/compromise for CentOS 5/6?
Hello everyone,
I hope you are having a good day. However, I am concerned by this:
https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229
Has anyone heard yet what the attack vector is, if 5.9 and 6.4 are
affected, and if a patch is coming out?
Thanks!
Gilbert
*******************************************************************************
Gilbert Sebenste
2006 Jun 12
3
Check integrity or rootkits on remote server?
Hello,
when one has physical access to a computer, he
can run something like tripwire, with keys and
checksum on a separate, write-only media, to
verify the integrity of the system.
What if the system is a remote one (in my case
Centos 4.3 on a User Mode Linux VPS some hundred
of KMs from here)?
Does it still make sense to run tripwire remotely?
If yes, how, since you cannot plug a floppy or
2008 Sep 01
1
How to check for rootkit, troians etc in backed up files?
Hi,
there is a remote (VPS) Centos 4.2 server which *may* have been
compromised. Reinstalling everything from scratch isn't a problem, it
may even be an occasion to improve a few things, the question is
another.
There are backups of necessary shell script, ASCII configuration files
and more or less important email (maildir format, if it matters)
including messages with binary attachments in
2008 Feb 11
0
Remember the unknown rootkit problem previously reported?
If the attacker could get a shell, the attacker could have used this
local root exploit to get the necessary privileges to install the rootkit.
One reason why there seem to be few RHEL reports is that RHEL5 is not
that widely available yet but lots of vulnerable Fedora/Debian
installations are available.
2007 Oct 04
2
Internet threat management package
... Looking for a recommendation for a commercial threat management
package. ( Think antivirus / antispy / anti-rootkit -- all rolled into
one engine ), similar to this product:
http://usa.kaspersky.com/products_services/work-space-security.php,
which currently only supports one kernel for FC6, and RHEL4, officially.
Here's the background. Need to make a decision and investment for a
2009 Jan 26
1
I may have been rooted - but I may not!?
Morning,
I am going to treat this as a rooted box and reinstall from scratch, but any
thoughts appreciated:
This is a Trixbox Server based on Centos, running kernel 2.6.18-53.1.4.el5
SMP
The phone system stopped working but this was traced to a configuration
error with a replacement switch (it did not get added to the vlan properly),
which meant that Trixbox could not see any DNS servers and
2018 Jun 18
0
Design Decision for KVM based anti rootkit
On 16.06.2018 13:49, Ahmed Soliman wrote:
> Following up on these threads:
> - https://marc.info/?l=kvm&m=151929803301378&w=2
> - http://www.openwall.com/lists/kernel-hardening/2018/02/22/18
>
> I lost the original emails so I couldn't reply to them, and also sorry
> for being late, it was the end of semester exams.
>
> I was adviced on #qemu and
2003 Aug 22
0
rootkit
I ran chkrootkit and this is what I got.
should I worry or is this normal?
I'm running 4.8
thanks.
Checking `wted'... 3 deletion(s) between Sat Jun 26 18:10:21 2027 and Sun
Mar 24 04:27:12 2024
4 deletion(s) between Sun Mar 24 04:27:12 2024 and Sun Mar 24 04:27:12 2024
5 deletion(s) between Sun Mar 24 04:27:12 2024 and Sun Mar 24 04:27:12 2024
1 deletion(s) between Sun Mar 24 04:27:12
2003 Mar 30
2
Bindshell rootkit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ok...did some checking. I forgot to mention that I killed dead syslogd. Not just a -HUP but an actual kill and restarted. I did this several times. I was trying to get something else to work.
Anyway, I killed it again this morning and restarted. The infect message went away immediately.
Could this have been the problem?
-
2003 May 09
5
Hacked?
This morning, I noticed in my security email, that my entire /usr/bin
directory had setuid diff's set on them.
I think I've been hacked. So I installed chkrootkit from ports and ran
it. It showed not infected for everything,
except NETSTAT. NETSTAT showed infected...
I ran chkrootkit for another machine (at my office), and it showed not
infected for everything.
Both machines are
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
Hello,
I found this lurking around the web, and thought people who are
running SSH-1.2.27 might be interested.
--
Kevin Sindhu <kevin at tgivan dot com>
Systems Engineer
TGI Technologies Inc. Tel: (604) 872-6676 Ext 321
107 E 3rd Avenue Fax: (604) 872-6601
Vancouver,BC V5T 1C7
Canada.
-------------- next part --------------
Welcome Root Kit SSH distribution v5.0 (by Zelea)
This
2005 May 14
2
Need some help
Hello,
I would like to ask for some specialist assistance in dissecting a
'rootkit' (seems to be massmailing specific,crafted somehow from
another kit perhaps)
It was found running on 5.x machines belonging (sofar) to my
knowledge, 2 companies,one of wich was an isp and another a webhosting
service running bsd.
I will provide the kit and further details as soon as i am sure the
thing will
2014 Apr 16
3
TRD like tool for linux?
so I found that one of my VM hosts seems to have been compromised in
some way; I've shut it down, isolated it, found a few odd things like
gibberish comments and odd hostnames that I don't recognise pointed back
to 127.0.0.1 in /etc/hosts. I tried TRD and it seems mildly useful, but
has more of a windowsy feel for what it wants to be able to fix. does
anyone know of something with more
2007 Jan 12
11
Regarding Xen security....
Hi Sir,
I have a question regarding the security of Xen. What are
the security threats in with Intel VT-x.
Thanks,
Praveen Kushwaha
________________________________________________________________________
_____________________
NEC HCL System Technologies Ltd., 4th Floor, Tower B, Logix Techno
Park, Noida | Tel: 120 436 6777 Extn 748