On 3 May 2006, in the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed).com>, (E-Mail Removed) wrote:
>I was having trouble running something I heard about called chkrootkit.
>You download this file, expand and compile it, and then run a Bash
>script. It checks your system for known rootkits.
Yeah, it's a windoze wannabe that looks for old rootkits. You might
notice that the latest version on
http://www.chkrootkit.org/ is 0.46a
which was released October 28 of last year. Not staying very up to date.
>Worked great on Ubuntu, but then it failed on RH9. When I dug where it was
>failing, it turns out that it was the netstat command. You see, on my Ubuntu
>system, the netstat command runs and then stops. But on my RH9 system,
>the netstat command runs and runs and runs and runs -- it never stops.
What happens when you run the command manually? What does the command
'rpm -Vf /bin/netstat' show?
>Therefore, I uninstalled and reinstalled the netstat command, and that
>failed. So then I went and found net-tools on the Internet and
>recompiled it, and it still failed.
"that failed." - What's that supposed to mean? Did the computer catch
on fire or something?
>However, even that did not help and the netstat runs continuously.
rpm -Va > files2check
Do that as root. rpm should bitch about your modified netstat command,
but what else doesn't it like? See the man page for 'rpm' under VERIFICATION
to see what the flags mean. If rpm _doesn't_ complain, your box is toast.
>...then I bounced with ifdown/ifup.
What is "bounced"? Are you saying that you ran those commands?
>I tried all that so that I wouldn't have to reboot this system and blow
>my uptime bragging rights.
Oh, so you're not bothering to keep the system up to date? Little hint for
you - the last _kernel_ update for RH9 was kernel-2.4.20-46.9.legacy on
March 5, or about 60 days ago. A kernel update requires a reboot, and 60
days is nothing for uptime.
http://download.fedoralegacy.org/ And if
you're not bothering to update the kernel, what about the rest of the
servers/applications? 'fedoralegacy' is backporting errata from Fedora
into RH7.3 and 9 for the time being, but they're a bit slow.
>Turns out, none of this helped. In fact, there's a KB doc at RH that
>claims the "bogus tcp line" is a RH anomaly that they *STILL* haven't
>fixed. In fact, they took the Microsoft approach and tried to not call
>it a bug. Microsoft = RH?
Did you also notice that Red Hat ended support for RH9 over a year ago?
RH9 was replaced by Fedora Core in November 2003, and Fedora is now on its
fifth release since then.
>Unless you can recommend something else, I'm going to have to reboot
>this RH9 box, blowing all my linux uptime bragging rights.
If you're into windoze tools, you can try running 'rkhunter' (from
http://www.rootkit.nl/) which is similar to chkrootkit. You can also
run the 'rpm -Va' command noted above, but that assumes that your rpm
binary and the rpm database haven't been tampered with. Failing that,
wipe the sucker and install a modern distribution.
Old guy
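A triage script for the 'rpm -Va' step Old guy recommends, added here as an example and not part of the original post. It assumes the flag-column format documented under VERIFICATION in rpm(8): one letter per attribute (S size, M mode, 5 digest, D device, L link path, U user, G group, T mtime, plus P on newer rpm), a '.' where the attribute matches, an optional file-attribute letter such as 'c' for config files, and 'missing' for files rpm cannot find. The function name, the sample lines and the "SUSPECT/CONFIG/MISSING" labels are my own. Like 'rpm -Va' itself, it trusts the rpm binary and the rpm database, so it tells you nothing if those were tampered with.

```shell
#!/bin/sh
# Added example: sort the output of 'rpm -Va' into things worth a look.
# Flag string (from rpm(8) VERIFICATION): S M 5 D L U G T [P]; '.' = unchanged.
# A changed config file ('c' attribute) is expected on any real system; a
# non-config file whose size, digest, mode or ownership changed is not.

# rpm_verify_triage: read 'rpm -Va' output on stdin, write one line per entry:
#   SUSPECT <path> <flags>  non-config file with S, 5, M, U or G set
#   CONFIG  <path> <flags>  config file that differs (informational)
#   MISSING <path>          file rpm expects but cannot find
# Lines with only an mtime change (T) on a non-config file are dropped.
rpm_verify_triage() {
    awk '
    $1 == "missing" { print "MISSING " $NF; next }
    NF < 2 { next }
    {
        flags = $1; path = $NF
        attr = (NF == 3) ? $2 : ""
        if (attr == "c") { print "CONFIG " path " " flags; next }
        if (flags ~ /S/ || flags ~ /5/ || flags ~ /M/ || flags ~ /U/ || flags ~ /G/)
            print "SUSPECT " path " " flags
    }'
}

# Stand-alone use on a live box (needs root for a full verify):
#   sh rpm_triage.sh --run
if [ "${1:-}" = "--run" ]; then
    rpm -Va 2>/dev/null | rpm_verify_triage
fi
```

Run it against the files2check output from the post ('rpm_verify_triage < files2check'). A SUSPECT line for a non-config binary such as /bin/netstat with the 5 (digest) or S (size) flag set means the file on disk is not the one in the package; a clean run on a box that has the symptoms described above is the "your box is toast" case, since it suggests rpm itself is lying.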