Re: lug-bg: rootkit
- Subject: Re: lug-bg: rootkit
- From: bombe@xxxxxxxxx (Vesselin Kotarov)
- Date: Mon, 18 Feb 2002 13:24:11 +0200
rpm -Via .. or something like that (check the man page) will show you all
changed files.
From there you look up which package a given file belongs to - rpm -qf /bin/login
(for example) - and
you install the package with rpm -Uvh --force package-shalala.i386.rpm
As for the hidden processes and files - I don't know how you would search for them.
hth. B.
----- Original Message -----
From: <focus@xxxxxxxxxxxxxxx>
To: <lug-bg@xxxxxxxxxxxxxxxxxx>
Sent: Monday, February 18, 2002 1:26 PM
Subject: lug-bg: rootkit
> Hello, I have been administering an RH 7.2 server for a few days. I noticed
> an open port 199 (smux); I found it strange because smux is an obsolete
> protocol and the service was not being called in any of the init scripts.
> rpc.statd, telnet and webmin were running on the server; I assume the hacker
> broke in through there. Also, the network interfaces are set to promisc
> mode. ifconfig has been recompiled, because it adds every new iface in promisc
> mode. I changed the root password, filtered port 199, got rid of telnet,
> webmin etc. Chkrootkit showed that there is 1 hidden file and 1 hidden
> process. I downloaded kstat to see which kernel modules are being loaded and
> also to see all processes, but unfortunately kstat does not want to
> compile on RH 7.2 and the kstat homepage http://s0ftpj.org is down.
> If anyone can help me by recommending a similar tool
> or by giving me a direction for future actions, I will be extremely
> grateful.
>
> ===========================================================================
> A mail-list of Linux Users Group - Bulgaria (bulgarian linuxers)
> http://www.linux-bulgaria.org/ Hosted by Internet Group Ltd. - Stara Zagora
>
- Regarding:
- lug-bg: rootkit
- Sent by: focus@xxxxxxxxxxxxxxx (focus@xxxxxxxxxxxxxxx)
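The procedure from the reply above (verify installed files, map each changed file to its package, reinstall that package), as an added example that is not part of the original thread: it filters `rpm -Va` output down to non-config files whose content digest changed or that are missing, then collects the owning packages. The sample lines are constructed, and `OWNER_CMD` is a hypothetical override so the owner lookup can be stubbed offline.

```shell
#!/bin/sh
# Triage `rpm -Va` output: keep non-config files whose digest changed or that
# are missing, then map each one to its owning package (rpm -qf).

# Constructed sample in the 8-flag layout of older rpm releases (not real output).
SAMPLE_RPM_VA='S.5....T   /bin/login
S.5....T   /sbin/ifconfig
S.5....T c /etc/inetd.conf
.......T   /usr/share/doc/example/README
missing    /usr/bin/example-tool'

# stdin: `rpm -Va` lines. stdout: "DIGEST <path>" or "MISSING <path>".
triage_rpm_verify() {
    while read -r flags rest; do
        if [ -z "$flags" ]; then continue; fi
        # Optional one-letter marker before the path (c = config file, d = doc, ...).
        case "$rest" in
            [cdglr]\ *) marker=${rest%% *}; path=${rest#* } ;;
            *)          marker="";          path=$rest ;;
        esac
        # Locally edited config files are expected and say nothing about trojans.
        if [ "$marker" = "c" ]; then continue; fi
        case "$flags" in
            missing) echo "MISSING $path" ;;
            *5*)     echo "DIGEST $path" ;;   # "5": content digest differs
        esac
    done
}

# stdin: triage lines. stdout: unique owning packages to reinstall from
# trusted media. OWNER_CMD is a hypothetical override used for offline tests.
packages_to_reinstall() {
    while read -r reason path; do
        if owner=$(${OWNER_CMD:-rpm -qf} "$path" 2>/dev/null); then
            echo "$owner"
        else
            echo "unknown-owner:$path"
        fi
    done | LC_ALL=C sort -u
}

# Demo on the constructed sample; on a real host:
#   rpm -Va | triage_rpm_verify | packages_to_reinstall
printf '%s\n' "$SAMPLE_RPM_VA" | triage_rpm_verify
```

An intruder with root can alter the local RPM database and the `rpm` binary as well, so a clean result produced on the compromised host itself is not proof of integrity.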