[CentOS] Uselib24/bindz - owned!

Jason Dixon jason at dixongroup.net
Thu May 4 10:22:38 UTC 2006

On May 4, 2006, at 1:37 AM, Nick wrote:

> Rick Philbrick wrote:
>> Hi,
>> Well thats telling.  So do you have chkroot-kit installed?  Although
>> you know you've got to have a root-kit on there. Anyway, it may help
>> narrow your search of the directories and the changes within.
>> -rickp
> Well i quarantined the files and then ran rkhunter and chkrootkit  
> and both came back ok. Not going to risk not starting over on the  
> box but if i can't tell how they got in then I'm not stopping it  
> happening again. It could of course have something to do with one  
> of the webapps the box runs (forum software)...

You used trusted binaries when running chkrootkit, right?

Jason Dixon
DixonGroup Consulting

More information about the CentOS mailing list