Mike Dwiggins <mike <at> azdwiggins.com> writes:

>
> JB,
>
> I figured you or someone else might like to know this. I killed the dhc
> process and cleaned up the .conf files, did a restart on Network Manager
> and everything worked!
>
> Ran chkrootkit and it hit on netstat as Infected (imagine that). It
> also reported a possible LKM Trojan intrusion. I then ran rkhunter and
> it threw warnings on the following files:
> /bin/netstat
> /bin/ps
> /usr/bin/top
> /usr/bin/lsof
>
> It also reported undocumented password change and group file changes.
>
> Password I could see with me going through Webmin to reset the root
> password but, I was careful to change nothing else much less groups!
>
> I rebooted and the problem was back just as before!
>
> With that I threw up my hands and have WipeDrive going on the drives in
> DoD mode!
>
> Hope this might help someone!
>
> Again thanks for the help!
>

Hi,

congratulations, even if that does not seem appropriate :-)

You should test your other servers with both security programs as well.
You should do it on a regular basis, by the way.
Rkhunter installs as a cron job as well and sends a report to your system
mail box.

# ls /etc/cron.daily/
...
rkhunter
...

Keep around some good (and up-to-date) live-cd (Knoppix, etc) that also has
those security programs on it (check that beforehand).
It must be kept up-to-date (downloaded and burned) frequently due to changes
in attack pattern recognition. But it is safer to perform the scan from
read-only media.

There is a clear sense of apprehension in Fedora community :-)

JB

--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
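
An added example, not part of either message in the thread: a hash check of the four binaries rkhunter flagged, meant to be run from live media against the suspect disk mounted read-only, since a kernel-level rootkit can hide changes from tools running on the infected system. The function names, the manifest format and the mount point in the usage comment are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed manifest format, one entry
# per line: "<sha256>  <absolute path>", recorded from a known-good install
# and kept on read-only media.

# The four paths rkhunter warned about in the thread.
WATCHED="/bin/netstat /bin/ps /usr/bin/top /usr/bin/lsof"

# make_manifest ROOT: print manifest lines for the watched files under ROOT.
make_manifest() {
    root=$1
    for f in $WATCHED; do
        [ -f "$root$f" ] || continue
        sum=$(sha256sum "$root$f" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$f"
    done
}

# check_manifest ROOT MANIFEST: print one status line per manifest entry;
# return 0 only if every listed file exists under ROOT and matches its hash.
check_manifest() {
    root=$1 manifest=$2 rc=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root$path" ]; then
            echo "MISSING  $path"; rc=1; continue
        fi
        have=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK       $path"
        else
            echo "CHANGED  $path"; rc=1
        fi
    done < "$manifest"
    return $rc
}

# Usage from live media (hypothetical mount point and manifest location):
#   check_manifest /mnt/suspect /media/cdrom/baseline.sha256
```

A CHANGED line also appears after a legitimate package update, so regenerate the manifest with make_manifest whenever the system is patched from a trusted state.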