similar to: chkrootkit reporting possible LKM trojan

Displaying 20 results from an estimated 900 matches similar to: "chkrootkit reporting possible LKM trojan"

2007 Nov 20
2
chkrootkit V. 0.47
Running FreeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir
2003 Aug 24
2
weird problem with chkrootkit and checksums
Hello, last night, my chkrootkit crontab returned an alarm message : > Checking `lkm'... You have 1 process hidden for readdir command > You have 2 process hidden for ps command > Warning: Possible LKM Trojan installed Some research on google make me think it's probably a false positive. I tried few things : re-launching chkrootkit : "Checking `lkm'...
2004 May 21
12
Hacked or not ?
Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that
2003 Apr 13
1
chfn, chsh, ls, ps - INFECTED
My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next
2009 Apr 13
2
weighted mean and by() with two index
Hi expeRts, I would like to calculate weighted mean by two factors. My code is as follows: R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")], re$meta.sales.lkm[, c("size", "yr")], function(x) weighted.mean(x[,1], x[,2])) The result is as follows: R> tmp size: micro yr: 1994 [1] 1.090
2010 May 15
1
what's wrong with my pv domU console? INIT: Id "1" respawning too fast: disabled for 5 minutes
Hi Pasi, if I don't change the tty to hvc it will stopped on Kernel 2.6.31.13 on i686 (console) localhost login: root Kernel 2.6.31.13 on i686 (console) localhost login: root Kernel 2.6.31.13 on i686 (console) localhost login: root After I change it to hvc0 followed the twiki page the log is Remounting root filesystem in read-write mode: [ OK ] Mounting local filesystems: [ OK
2006 Nov 09
7
xen, iscsi and resilience to short network outages
Hi. Here is the short version: If dom0 experiences a short (< 120 second) network outage the guests whose disks are on iSCSI LUNs get (seemingly) unrecoverable IO errors. Is it possible to make Xen more resilient to such problems? And now the full version: We're testing Xen on iSCSI LUNs. The hardware/software configuration is: * Dom0 and guest OS: SLES10 x86_64 * iSCSI LUN on
2005 Oct 28
0
chkrootkit 0.46 reboots FreeBSD 5.4-RELEASE-p8
Hello, Please, don't use chkrootkit 0.46 on production machines. The "chkproc" process sends a SIGXFSZ (25) signal to init, that interprets this signal as a "disaster" and reboots after a 30s sleep. I'm contacting the chkrootkit maintainer to fix this problem. Sorry, Cordeiro
2004 Jun 12
2
Hacked or not appendice
Hi all again, I must add, there are no log entries after June 9, 2004. "LKM" message first appeared June 8, 2004, after this day, there is nothing in /var/messages, /var/security ..... How could I look for suspicious LKM module ? How could I find it, if the machine is hacked and I can not believe "ls", "find" etc. commands ? Peter Rosa
2006 Jun 13
2
Cleaning Up My Process Table
I'm upgrading my primary server from RH 7.2 to CentOS-4.3.ServerCD. I REALLY like the ServerCD. Who needs all the fluff that comes with a standard distro? If I want a system-config-gooey I can run Xnest [1] and ssh -X from my laptop. Anyway I have two questions: 1) How can I collectively stop all the NFS, portmap, whatever? I'm hoping it can be manipulated as a group because occasionally
2006 Sep 19
3
Error on DomU with xencons=ttyS
Hi all, I have a question on /etc/inittab for DomU booted with xencons parameter. I saw the following error messages when I appended xencons=ttyS to DomU boot option. INIT: Id "1" respawning too fast: disabled for 5 minutes INIT: Id "2" respawning too fast: disabled for 5 minutes INIT: Id "4" respawning too fast: disabled for 5 minutes INIT: Id
2006 Apr 18
6
Asterisk service crashes
List, The past few days the asterisk service on my server has crashed several times. I have had it running for months and have made no changes to it. When it crashes, I am unable to make calls or gain access to the CLI. The service has been stopped. If I try to start it again (service asterisk start), it will start and run for a few seconds then crash again. After a reboot, it will run
2003 Nov 19
2
creative VoIP blaster & *
Ok, I've googled for 15+ minutes, and have yet to find a usable answer, so I'm going to annoy everyone and ask here. I have, in my possession, a creative VoIP blaster. I have installed the fobbit LKM and I can see the device. Can I use it with asterisk in any meaningful way, shape, or form? I'd love to be able to buy an IP phone, ATA, or FXO card, but lack the funds at the moment
2014 Feb 03
3
Memory leak - how to investigate
My web & name server runs out of memory from time to time, to the point where it's completely unresponsive to anything. At that point reset is the only alternative. (Or, as this is a virtual guest, I just say "virsh destroy"). But why this happens - I would like to know. The host in question is a KVM guest, and runs CentOS 6.4. From "top" (situation now): Mem:
2009 Feb 12
4
tty login hangs
Hi all, I have two servers both identical in hardware and I have just done a clean install of CentOS 5.2 x86_64 on both. Sometimes (more often than not) when I log in at the physical console (e.g. tty1, tty2, etc.) I will be logged in and it stops responding even if the shell is not doing anything. When this happens I can still switch to another VT with alt+f2 and login as normal. I don't
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't
2012 May 19
3
converting csv to image file
Hello everyone, I want to get a 1km by lkm grid raster image using my csv data. If I call latitude=a, longitude=b and preciptation=c. a<-(1,2,3,4,5) b<-(6,7,8,9,10) c<-(10,20, 30,40, 50) Then I found an example in r help which goes like pts = read.table("file.csv",......) library(sp) library(rgdal) proj4string(pts)=CRS("+init=epsg:4326") # set it to lat-long pts =
2006 Aug 24
2
SELinux Strict Mode
According to http://www.redhat.com/magazine/006apr05/features/selinux/ there is a package named selinux-policy-strict, which contains a series of rules for correctly handling many situations (software) when using strict policy. Does CentOS have this package available ? If not, can someone make it available through Centosplus or Addon, for example ? This package is not part of the upstream main
2004 Jun 12
0
How do I tell I was hacked?
> > >Date: Sat, 12 Jun 2004 13:15:33 +0200 >From: "Peter Rosa" <prosa@pro.sk> >Subject: Hacked or not ? >To: "FreeBSD Security" <freebsd-security@freebsd.org> >Message-ID: <016301c4506e$947644e0$3501a8c0@pro.sk> > >Hi all, > >please advice me - I was on holidays for one week. After return I found in >security mails from
2007 Feb 23
2
Latest Plus Kernel include MD RAID-1 BIO_RW_SYNC patch?
I am inquiring on the list if anybody knows if the latest plus kernel includes the fixes for MD RAID-1 where it didn't pass down the BIO_RW_SYNC flag on cloned bios. This bug was discovered in December by the DRBD project and patches were posted by Lars Ellenberg from that project to the LKM which were then merged into the 2.6.19 kernel. The bug causes severe performance penalties for