On Tue, Sep 17, 2002 at 02:16:44PM -0500, David Dyer-Bennet wrote:
>
>There's a bug in the chkrootkit script where it requires that the
>chkproc executable be in the same directory the script is running in.
>It isn't in a normal install from your rpm (unless you run chkrootkit
>from /usr/bin).

So grab the tarball, uncompress, cd, type make, then run the bin....

It's pretty stupid to install it and leave it installed on a box as it
could be replaced by and cracker upon compromise anyway. Generally one
compiles and copies to a "rescue" cd or some such.

>
>And it says nothing is wrong with my system, which I'm nearly certain
>is false (probably an LKM).  Key executables change over time, and
>when a changed one is run extra processes are spawned.  And they
>usually hang.  I think I've got a partial, failed, installation of
>something on my server.  Bah, humbug.

And is this victim still connected to the 'Net? If so, why? 

-- 
Ben Lutgens				 | http://people.sistina.com/~blutgens/	
System Administrator	 | http://www.sistina.com/
Sistina Software Inc. | 

"If you love something set it free, if it doesn't come back to you
hunt it down and set it on fire" -- George Carlin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://shadowknight.real-time.com/pipermail/tclug-list/attachments/20020917/5d8965f2/attachment.pgp