[CentOS] Uselib24/bindz - owned!
Jason Dixon
jason at dixongroup.net
Thu May 4 10:22:38 UTC 2006
On May 4, 2006, at 1:37 AM, Nick wrote:
> Rick Philbrick wrote:
>> Hi,
>>
>> Well thats telling. So do you have chkroot-kit installed? Although
>> you know you've got to have a root-kit on there. Anyway, it may help
>> narrow your search of the directories and the changes within.
>>
>> -rickp
>>
>
> Well i quarantined the files and then ran rkhunter and chkrootkit
> and both came back ok. Not going to risk not starting over on the
> box but if i can't tell how they got in then I'm not stopping it
> happening again. It could of course have something to do with one
> of the webapps the box runs (forum software)...
You used trusted binaries when running chkrootkit, right?
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
More information about the CentOS
mailing list