[CentOS] Security advice, please

Anne Wilson cannewilson at googlemail.com
Fri Dec 18 10:35:52 UTC 2009


I run chkrootkit daily.  For the first time I've got reports of a problem -

Checking `bindshell'... INFECTED (PORTS:  1008)

The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/
suggests that this might be a false positive, so I ran 'netstat -tanup' but
unlike the report, it wasn't famd on the port.  It was

tcp        0      0 0.0.0.0:1008                0.0.0.0:*                   LISTEN      3797/rpc.mountd

It looks as though certain services are marked as suspicious when they grab 
port 1008.  I tried to find how to restart the service, but without success, 
but a reboot put rpc.mountd onto another port, and chkrootkit no longer 
reports a problem.  (I had rebooted last evening after an update including a 
kernel version.)

I think that it really was a false alarm, but I would really like to know how 
I could restart that service without rebooting.  system-config-services didn't 
do the trick, and I simply didn't know what else to try.  In case I meet this 
again, can you please advise me?

Anne
-- 
KDE Community Working Group
New to KDE4? - get help from http://userbase.kde.org
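
The check described in the message above (find which process holds the flagged port, then see whether it is an RPC service), written as an added example that is not part of the original post. The function names and the sample data are constructed for illustration; on a live host the two inputs would be the output of `netstat -tanup` and `rpcinfo -p`.

```shell
#!/bin/sh
# Triage a port flagged by chkrootkit's bindshell test: who is listening on it,
# and is that port registered with the portmapper as an RPC service?
# SAMPLE_* data is constructed for this example.

SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:1008                0.0.0.0:*                   LISTEN      3797/rpc.mountd
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2101/portmap
tcp        0      0 0.0.0.0:4000                0.0.0.0:*                   LISTEN      4242/unknown'

SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100005    1   udp   1005  mountd
    100005    1   tcp   1008  mountd'

# Print "PID/program" of the TCP listener on port $1 (netstat text in $2).
port_owner() {
    printf '%s\n' "$2" | awk -v p="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")          # last field after ":" is the port
            if (a[n] == p) { print $7; exit }
        }'
}

# Print the RPC service registered on TCP port $1 (rpcinfo -p text in $2).
rpc_service() {
    printf '%s\n' "$2" | awk -v p="$1" '$3 == "tcp" && $4 == p { print $5; exit }'
}

# Classify a flagged port: rpc-registered, unregistered, or not-listening.
triage() {
    owner=$(port_owner "$1" "$2")
    [ -n "$owner" ] || { echo "not-listening"; return; }
    svc=$(rpc_service "$1" "$3")
    if [ -n "$svc" ]; then
        echo "rpc-registered $owner $svc"
    else
        echo "unregistered $owner"
    fi
}

triage 1008 "$SAMPLE_NETSTAT" "$SAMPLE_RPCINFO"
triage 4000 "$SAMPLE_NETSTAT" "$SAMPLE_RPCINFO"
```

An "rpc-registered" result only shows that the listener matches a portmapper registration; it does not verify the binary behind the PID.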