chkrootkit-0.44 netstat cmd infected ?
jcharles at system-and-network.org
Sat Nov 6 03:00:53 PST 2004
Pierre a écrit :
> I've been using several versions of home made linux box LFS based for
> a while now. I've been recently hacked, and after a chrootkit check
> i've noticed that all version of LFS (latest and earlier) seems to
> have an infected NETSTAT cmd after a chrootkit check. Does anyone have
> remarked this before ?
This comportement is normal, your netstat is not stripped. Then addr.h
is present in debugging symbol, that make rootkit to react like if that
binary has just be compiled an thinking is a hack version.
Just stripp it and the rootkit warning will disappear :)
More information about the lfs-support