[Bradford] chkrootkit and nasties found

Dick Thomas xpd259 at gmail.com
Wed Oct 5 22:09:18 UTC 2011


I was just reading up on tripwire as I got your email. Looks good, will
google hardening system.
I've already installed denyhosts and various other things (not that ssh is
public yet).
My main concern is Apache2, as I don't have much experience with securing
that; it's normally already been done by my webhost.
But I'm hosting an ownCloud instance on my server linked to my NAS so I can
access pretty much everything everywhere.


Dick



On 5 October 2011 23:02, Alice Kærast <kaerast at computergentle.com> wrote:

>
> Dotfiles like those are to be found all over a modern Linux distro. The key
> is comparing the results to a known clean install. That's not to say they're
> all ok just because they're known about, you then have to check what's
> inside them is legit.
>
> A better option is running something like Tripwire which will detect
> changes to key files based on hash sums and modified times. But you need to
> know your system is clean to begin with.
>
> Run your rootkit finder from a live CD, sort out any results (most will be
> false positives), go through the hardening procedures for your distro
> (Debian has a nice package which will help you - can't remember the name),
> then get tripwire running.
>
> Alice
>
>
> Sent from my Windows Mobile® phone.
>
> ------------------------------
> From: Dick Thomas <xpd259 at gmail.com>
> Sent: 05 October 2011 21:44
> To: Bradlug Mailing list <bradford at mailman.lug.org.uk>
> Subject: [Bradford] chkrootkit and nasties found
>
> hiya people
>
> I've just installed Debian (and stop it my David S about using a real OS
> like Slackware)
> and ran chkrootkit and got this output
>
> Searching for suspicious files and dirs, it may take a while... The
> following suspicious files and directories were found:
> /usr/lib/xulrunner-1.9.1/.autoreg /usr/lib/pymodules/python2.6/.path
> /usr/lib/iceape/.autoreg /usr/lib/iceweasel/.autoreg
> /usr/lib/jvm/java-1.5.0-gcj-4.4/.java-gcj-4.4.jinfo
> /usr/lib/jvm/.java-6-sun.jinfo /usr/lib/jvm/java-6-sun-1.6.0.26/.systemPrefs
> /usr/lib/jvm/.java-6-openjdk.jinfo /lib/init/rw/.ramfs
>
> anyone got any ideas?
>
>
> --
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Dick Thomas xpd259 at gmail.com
> www.xpd259.co.uk
> www.google.com/profiles/xpd259
>
>
>


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dick Thomas xpd259 at gmail.com
www.xpd259.co.uk
www.google.com/profiles/xpd259
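
The comparison against a known clean install suggested in the quoted reply, sketched as an added example that is not part of the original thread. The function names, the baseline format (path mapped to SHA-256) and the `root` parameter (mount point of the inspected disk when working from a live CD) are assumptions, and the sample report and files are constructed.

```python
import hashlib
import os
import tempfile
HEADER = "following suspicious files and directories were found:"

def parse_suspicious(report):
    """Paths listed after chkrootkit's 'suspicious files' header."""
    _, found, tail = report.partition(HEADER)
    paths = []
    for line in tail.splitlines() if found else []:
        tokens = line.split()
        if tokens and not all(t.startswith("/") for t in tokens):
            break  # first non-path line belongs to the next check
        paths.extend(tokens)
    return paths

def sha256_of(path):
    """Hex digest of a regular file; None for directories or missing paths."""
    if not os.path.isfile(path):
        return None
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def triage(report, baseline, root="/"):
    """baseline maps path -> sha256 recorded on a known clean install."""
    result = {"new": [], "changed": [], "known": []}
    for p in parse_suspicious(report):
        if p not in baseline:
            result["new"].append(p)      # never seen on the clean install
        elif sha256_of(os.path.join(root, p.lstrip("/"))) != baseline[p]:
            result["changed"].append(p)  # known name, different contents
        else:
            result["known"].append(p)
    return result

def demo():
    """Constructed report, baseline and file tree (two path names reuse the thread's)."""
    report = ("The following suspicious files and directories were found:\n"
              "/usr/lib/iceweasel/.autoreg /usr/lib/jvm/.java-6-sun.jinfo /usr/lib/.constructed\n"
              "Constructed line standing in for the next check's output\n")
    baseline = {"/usr/lib/iceweasel/.autoreg": hashlib.sha256(b"").hexdigest(),
                "/usr/lib/jvm/.java-6-sun.jinfo": hashlib.sha256(b"clean\n").hexdigest()}
    files = {"usr/lib/iceweasel/.autoreg": b"", "usr/lib/jvm/.java-6-sun.jinfo": b"tampered\n"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)))
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return triage(report, baseline, root)
```

Entries under `new` and `changed` are the ones worth inspecting by hand; `known` entries match what the clean install recorded.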