Displaying 20 results from an estimated 900 matches similar to: "chkrootkit reporting possible LKM trojan"
2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1
After changing chkrootkit to the latest version V. 0.47 and compiling it then
running it I get the following:
==================<SNIPPIT>================
Searching for anomalies in shell history files... nothing found
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 6667)
Checking `lkm'... You have 131 process hidden for readdir
2003 Aug 24
2
weird problem with chkrootkit and checksums
Hello,
last night, my chkrootkit crontab returned an alarm message :
> Checking `lkm'... You have 1 process hidden for readdir command
> You have 2 process hidden for ps command
> Warning: Possible LKM Trojan installed
Some research on Google makes me think it's probably a false positive. I
tried a few things :
re-launching chkrootkit : "Checking `lkm'...
2004 May 21
12
Hacked or not ?
Hi,
I have a 4.9-STABLE FreeBSD box apparently hacked!
Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs.
Those are:
chfn ... INFECTED
chsh ... INFECTED
date ... INFECTED
ls ... INFECTED
ps ... INFECTED
But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED.
I know by the FreeBSD-Security archives that
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I
reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM
but still...
Can anyone please advise ?
bash-2.05b# chkrootkit | grep INFECTED
Checking `chfn'... INFECTED
Checking `chsh'... INFECTED
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `ps'... INFECTED
--
Jay
-------------- next
2009 Apr 13
2
weighted mean and by() with two index
Hi expeRts,
I would like to calculate weighted mean by two factors.
My code is as follows:
R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")],
re$meta.sales.lkm[, c("size", "yr")], function(x)
weighted.mean(x[,1], x[,2]))
The result is as follows:
R> tmp
size: micro
yr: 1994
[1] 1.090
2010 May 15
1
what's wrong with my pv domU console? INIT: Id "1" respawning too fast: disabled for 5 minutes
Hi Pasi,
if I don't change the tty to hvc it will stopped on
Kernel 2.6.31.13 on i686 (console)
localhost login: root
Kernel 2.6.31.13 on i686 (console)
localhost login: root
Kernel 2.6.31.13 on i686 (console)
localhost login: root
After I change it to hvc0 followed the twiki page the log is
Remounting root filesystem in read-write mode: [ OK ]
Mounting local filesystems: [ OK
2006 Nov 09
7
xen, iscsi and resilience to short network outages
Hi. Here is the short version:
If dom0 experiences a short (< 120 second) network outage the guests
whose disks are on iSCSI LUNs get (seemingly) unrecoverable IO errors.
Is it possible to make Xen more resilient to such problems?
And now the full version:
We're testing Xen on iSCSI LUNs. The hardware/software configuration is:
* Dom0 and guest OS: SLES10 x86_64
* iSCSI LUN on
2005 Oct 28
0
chkrootkit 0.46 reboots FreeBSD 5.4-RELEASE-p8
Hello,
Please, don't use chkrootkit 0.46 on production machines.
The "chkproc" process sends a SIGXFSZ (25) signal to init,
that interprets this signal as a "disaster" and reboots
after a 30s sleep.
I'm contacting the chkrootkit maintainer to fix this
problem.
Sorry,
Cordeiro
2004 Jun 12
2
Hacked or not appendice
Hi all again,
I must add, there are no log entries after June 9, 2004. "LKM" message first
appeared June 8, 2004, after this day, there is nothing in /var/messages,
/var/security .....
How could I look for suspicious LKM module ? How could I find it, if the
machine is hacked and I can not believe "ls", "find" etc. commands ?
Peter Rosa
2006 Jun 13
2
Cleaning Up My Process Table
I'm upgrading my primary server from RH 7.2 to CentOS-4.3.ServerCD. I
REALLY like the ServerCD. Who needs all the fluff that comes with a
standard distro? If I want a system-config-gooey I can run Xnest [1]
and ssh -X from my laptop. Anyway I have two questions:
1) How can I collectively stop all the NFS, portmap, whatever? I'm hoping
it can be manipulated as a group because occasionally
2006 Sep 19
3
Error on DomU with xencons=ttyS
Hi all,
I have a question on /etc/inittab for DomU booted with xencons parameter.
I saw the following error messages when I appended xencons=ttyS to DomU
boot option.
INIT: Id "1" respawning too fast: disabled for 5 minutes
INIT: Id "2" respawning too fast: disabled for 5 minutes
INIT: Id "4" respawning too fast: disabled for 5 minutes
INIT: Id
2006 Apr 18
6
Asterisk service crashes
List,
The past few days the asterisk service on my server has crashed several
times. I have had it running for months and have made no changes to it.
When it crashes, I am unable to make calls or gain access to the CLI. The
service has been stopped. If I try to start it again (service asterisk
start), it will start and run for a few seconds then crash again. After a
reboot, it will run
2003 Nov 19
2
creative VoIP blaster & *
Ok,
I've googled for 15+ minutes, and have yet to find a usable answer, so I'm
going to annoy everyone and ask here.
I have, in my possession, a creative VoIP blaster. I have installed the
fobbit LKM and I can see the device. Can I use it with asterisk in any
meaningful way, shape, or form? I'd love to be able to buy an IP phone,
ATA, or FXO card, but lack the funds at the moment
2014 Feb 03
3
Memory leak - how to investigate
My web & name server runs out of memory from time to time, to the point
where it's completely unresponsive to anything. At that point reset is
the only alternative. (Or, as this is a virtual guest, I just say "virsh
destroy").
But why this happens - I would like to know.
The host in question is a KVM guest, and runs CentOS 6.4.
From "top" (situation now):
Mem:
2009 Feb 12
4
tty login hangs
Hi all,
I have two servers both identical in hardware and I have just done a
clean install of CentOS 5.2 x86_64 on both.
Sometimes (more often than not) when I log in at the physical console
(e.g. tty1, tty2, etc.) I will be logged in and it stops responding even
if the shell is not doing anything.
When this happens I can still switch to another VT with alt+f2 and login
as normal.
I don't
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other
input.
I noticed this in my daily security run output:
pc1 setuid diffs:
19c19
< 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003
/usr/X11R6/bin/xscreensaver
---
> 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003
/usr/X11R6/bin/xscreensaver
It was the only file listed and I didn't
2012 May 19
3
converting csv to image file
Hello everyone,
I want to get a 1km by lkm grid raster image using my csv data. If I call
latitude=a, longitude=b and precipitation=c.
a<-(1,2,3,4,5)
b<-(6,7,8,9,10)
c<-(10,20, 30,40, 50)
Then I found an example in r help which goes like
pts = read.table("file.csv",......)
library(sp)
library(rgdal)
proj4string(pts)=CRS("+init=epsg:4326") # set it to lat-long
pts =
2006 Aug 24
2
SELinux Strict Mode
According to http://www.redhat.com/magazine/006apr05/features/selinux/ there
is a package named selinux-policy-strict, which contains a series of rules
for correctly handling many situations (software) when using strict policy.
Does CentOS have this package available ?
If not, can someone make it available through Centosplus or Addon, for
example ?
This package is not part of the upstream main
2004 Jun 12
0
How do I tell I was hacked?
>
>
>Date: Sat, 12 Jun 2004 13:15:33 +0200
>From: "Peter Rosa" <prosa@pro.sk>
>Subject: Hacked or not ?
>To: "FreeBSD Security" <freebsd-security@freebsd.org>
>Message-ID: <016301c4506e$947644e0$3501a8c0@pro.sk>
>
>Hi all,
>
>please advise me - I was on holidays for one week. After return I found in
>security mails from
2007 Feb 23
2
Latest Plus Kernel include MD RAID-1 BIO_RW_SYNC patch?
I am inquiring on the list if anybody knows if the latest plus kernel
includes the fixes for MD RAID-1 where it didn't pass down the
BIO_RW_SYNC flag on cloned bios.
This bug was discovered in December by the DRBD project and patches were
posted by Lars Ellenberg from that project to the LKM which were then
merged into the 2.6.19 kernel.
The bug causes severe performance penalties for