similar to: ClamAV thinks Wine contains a rootkit?

Displaying 20 results from an estimated 3000 matches similar to: "ClamAV thinks Wine contains a rootkit?"

2008 Jan 13
3
Anti-Rootkit app
Hi all, I need to install an anti-rootkit in a lot of servers. I know that there're several options: tripwire, aide, chkrootkit... What do you prefer? Obviously, I have to define my needs: - easy setup and configuration - actively developed -- Thanks, Jordi Espasa Clofent
2013 Feb 21
3
SSHD rootkit in the wild/compromise for CentOS 5/6?
Hello everyone, I hope you are having a good day. However, I am concerned by this: https://isc.sans.edu/diary/SSHD+rootkit+in+the+wild/15229 Has anyone heard yet what the attack vector is, if 5.9 and 6.4 are affected, and if a patch is coming out? Thanks! Gilbert ******************************************************************************* Gilbert Sebenste
2008 Jan 29
5
Unknown rootkit causes compromised servers
Here is the applicable article: http://www.linux.com/feature/125548 There are links in the above article that explain tests for the system and what is currently known about the rootkit. Apparently initial access is NOT via any vulnerability but just guessed root passwords. There are currently 2 methods to see if you are infected: 1. In some cases, the root kit causes you to not be able to
2001 Jun 25
1
Apparent SSH-1.2.27 Rootkit
Hello, I found this lurking around the web, and thought people who are running SSH-1.2.27 might be interested. -- Kevin Sindhu <kevin at tgivan dot com> Systems Engineer TGI Technologies Inc. Tel: (604) 872-6676 Ext 321 107 E 3rd Avenue Fax: (604) 872-6601 Vancouver,BC V5T 1C7 Canada. -------------- next part -------------- Welcome Root Kit SSH distribution v5.0 (by Zelea) This
2003 Dec 27
1
Faked samba packages / rootkit?
Does anybody know of these samba packages? http://ftp.cvut.cz/samba/samba-latest.tar.gz AFAICS they are faked and contain some kind of rootkit (you can see this in the history below. the server this history is from is taken offline for security reasons, and nobody is there till 7th Jan I can't give you more details) > 144 w > 145 cat /etc/issue > 146 uname -a > 147
2007 Mar 19
4
exec: 29: /usr/bin/wine: not found
Hi, I've installed wine on Ubuntu 6.10 64bit using the following guide : http://www.ubuntuforums.org/showthread.php?t=185557 but, when I type winecfg in Terminal I get the following error : exec: 29: /usr/bin/wine: not found Dunno if it may help, but here's a terminal shot of when wine was getting installed. matt@ubuntu:~/Desktop$ dpkg -x lib libartsc0_1.3.2-3_amd64.deb
2007 Jan 03
1
Curitel PC5740 Wireless Modem (EVDO)
Dear Sir, I am attempting to get a Broad Band Modem working on: sony# uname -a FreeBSD sony.family.hom 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #2: Tue Dec 19 16:55:50 EST 2006 root@sony.family.hom:/usr/obj/usr/src/sys/SONY01 i386 The device is a Sprint PC5740 pc card. When I perform a "man umodem" the card is listed (vendor = Curitel) UMODEM(4)
2006 Jun 12
3
Check integrity or rootkits on remote server?
Hello, when one has physical access to a computer, he can run something like tripwire, with keys and checksum on a separate, write-only media, to verify the integrity of the system. What if the system is a remote one (in my case Centos 4.3 on a User Mode Linux VPS some hundred of KMs from here)? Does it still make sense to run tripwire remotely? If yes, how, since you cannot plug a floppy or
2008 Feb 11
0
Remember the unknown rootkit problem previously reported?
If the attacker could get a shell, the attacker could have used this local root exploit to get the necessary privileges to install the rootkit. One reason why there seem to be few RHEL reports is that RHEL5 is not that widely available yet but lots of vulnerable Fedora/Debian installations are available.
2008 Sep 01
1
How to check for rootkit, trojans etc in backed up files?
Hi, there is a remote (VPS) Centos 4.2 server which *may* have been compromised. Reinstalling everything from scratch isn't a problem, it may even be an occasion to improve a few things, the question is another. There are backups of necessary shell script, ASCII configuration files and more or less important email (maildir format, if it matters) including messages with binary attachments in
2013 Oct 02
3
Is USBD necessary for average users?
I followed the NUT instructions that are on the projects site, I think, and they said to set up USBD, so I did. Is that necessary for average users using one PC (rather than servers), or will something not work right if I reread and turn off USBD?
2005 May 12
1
Do I have an infected init file?
Hello; I'm running a FreeBSD 4.10-release-p2 box and both chkrootkit 0.44 & 0.45 report that my /sbin/init file is infected. It appears as though the egrep for "UPX" in the output of "strings" triggers the infected notice. When I copy the init file from an uninfected box to this one chkrootkit continues to report it as infected. Is chkrootkit reading a copy of the
2009 Jan 26
1
I may have been rooted - but I may not!?
Morning, I am going to treat this as a rooted box and reinstall from scratch, but any thoughts appreciated: This is a Trixbox Server based on Centos, running kernel 2.6.18-53.1.4.el5 SMP The phone system stopped working but this was traced to a configuration error with a replacement switch (it did not get added to the vlan properly), which meant that Trixbox could not see any DNS servers and
2010 Apr 02
1
Tableau Public vis software / Ubuntu
Hey all -- First post, so first off thanks for creating this wonderful software and helping out new users like me adapt to the wine-way :) Has anyone managed to get Windows/Mac only data analysis and vis suite Tableau Public (http://www.tableausoftware.com/public/download) running with any version Wine yet? It goes through the motions of installing, but then won't run. I'd welcome any
2010 Oct 23
3
DVDFab not working anymore
I used DVDFab-8.0.2.2 with wine and ubuntu 10.04 for quite some time and everything worked pretty well. After doing a fresh install of ubuntu 10.10 DVDFab didn't recognize my BD-ROM drive anymore. In Ubuntu 10.04 I had to wait until the linux autorun had finished and then DVDFab started to check the disc. With Ubuntu 10.10 the linux autorun finishes but DVDFab does nothing. I also upgraded
2018 Jul 19
8
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM
Hi, This is my first set of patches that works as I would expect, and the third revision I sent to mailing lists. Following up with my previous discussions about kernel rootkit mitigation via placing R/O protection on critical data structure, static data, privileged registers with static content. These patches present the first part where it is only possible to place these protections on memory
2018 Jul 19
8
Memory Read Only Enforcement: VMM assisted kernel rootkit mitigation for KVM
Hi, This is my first set of patches that works as I would expect, and the third revision I sent to mailing lists. Following up with my previous discussions about kernel rootkit mitigation via placing R/O protection on critical data structure, static data, privileged registers with static content. These patches present the first part where it is only possible to place these protections on memory
2003 Nov 26
1
perms of /dev/uhid0
I wrote a small app that monitors a Back-UPS ES500 UPS via the uhid0 interface. I want to run the daemon with as little privs as possible. gastest# ls -l /dev/uhid0 crw-rw---- 1 root operator 122, 0 Nov 12 05:26 /dev/uhid0 gastest# Is it safe to chmod o+r /dev/uhid0 ? Or is there a better way to drop privs of the daemon yet still be able to read from the device ? All I am doing is
2011 Mar 08
1
rkhunter alert dovecot using port 1984
Hi all, Debian Lenny, dovecot 1.0.15 My rkhunter script has picked up dovecot using port 1984 temporarily. When I run it now however, it is gone. Warning: Network TCP port 1984 is being used by /usr/lib/dovecot/imap. Possible rootkit: Fuckit Rootkit Use the 'lsof -i' or 'netstat -an' command to check this. Does dovecot use this port for any reason? anyone seen this before?
2005 May 14
2
Need some help
Hello, I would like to ask for some specialist assistance in dissecting a 'rootkit' (seems to be massmailing specific, crafted somehow from another kit perhaps) It was found running on 5.x machines belonging (so far) to my knowledge, 2 companies, one of which was an isp and another a webhosting service running bsd. I will provide the kit and further details as soon as I am sure the thing will