JB <jb.1234abcd <at> gmail.com> writes:

> ...
> > Ran chkrootkit and it hit on netstat as Infected (imagine that). It
> > also reported a possible LKM Trojan intrusion. I then ran rkhunter and
> > it threw warnings on the following files:
> > /bin/netstat
> > /bin/ps
> > /usr/bin/top
> > /usr/bin/lsof
> >
> ...
> You should test your other servers with both security programs as well.
> You should do it on a regular basis, by the way.
> ...

A follow-up.
After you performed a scan of the other servers, should you discover similar
infections, do not stop investigating or nuke the system immediately.
There are a few simple steps that should be done, best from a read-only
live-cd:
- compare sizes of infected files to ones in the OS's repository
- for binaries there is a 'strings' command whose results may be compared
  as above

Do not get irritated by something like that. You are lucky to know you have
been hacked; there are millions of users who do not know it yet, if ever.

JB
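
The two checks listed in the message above (file size and `strings` output compared against a known-good copy), as an added example that is not part of the original post. It assumes the reference copy was extracted from the distribution's own package onto trusted media; the function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare a suspect binary with a known-good reference copy.
# Assumption: run from trusted read-only media; the reference file was
# extracted from the distribution's own package.

# Printable strings (4+ chars), sorted and de-duplicated. Falls back to a
# GNU grep approximation when strings(1) is not installed.
printable_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -a -n 4 "$1"
    else
        LC_ALL=C grep -a -o '[[:print:]]\{4,\}' "$1"
    fi | LC_ALL=C sort -u
}

file_size() { wc -c < "$1" | tr -d ' '; }

# Strings present in the suspect file ($1) but not in the reference ($2).
extra_strings() {
    tmp_s=$(mktemp) && tmp_r=$(mktemp) || return 2
    printable_strings "$1" > "$tmp_s"
    printable_strings "$2" > "$tmp_r"
    LC_ALL=C comm -23 "$tmp_s" "$tmp_r"
    rm -f "$tmp_s" "$tmp_r"
}

# Exit status 0: same size and no extra strings. 1: something differs.
compare_binary() {
    rc=0
    s=$(file_size "$1"); r=$(file_size "$2")
    if [ "$s" -ne "$r" ]; then
        echo "SIZE MISMATCH: $1 is $s bytes, reference is $r bytes"
        rc=1
    fi
    extra=$(extra_strings "$1" "$2")
    if [ -n "$extra" ]; then
        echo "STRINGS ONLY IN $1:"; echo "$extra" | sed 's/^/    /'
        rc=1
    fi
    return $rc
}

# Constructed sample files standing in for a packaged and an altered binary.
demo=$(mktemp -d)
printf 'ELF\000\001/proc/net/tcp\000usage: netstat\000' > "$demo/netstat.ref"
printf 'ELF\000\001/proc/net/tcp\000usage: netstat\000EXAMPLE-added-string\000' \
    > "$demo/netstat.suspect"
compare_binary "$demo/netstat.suspect" "$demo/netstat.ref" || true
```

A matching size and identical strings do not prove a file is clean; a difference in either is a reason to keep investigating that file.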