Bob Tanner <tanner at real-time.com> writes: > We (at Real Time) are seen evidence of Scalper and Slapper, so for your > pleasure: > > + chkrootkit-0.37-realtime.1 > - chklastlog.c fix; (thanks to Gerard van Wageningen) > - chkproc.c improvements; (thanks to Morohoshi Akihiko, Kostya Kortchinsky > and Aaron Sherman) > - new rootkits detected: > o OpenBSD rk v1 > o Illogic rootkit (thanks to Andrey Chernomyrdin) > o SK rootkit (thanks to Razvan Cosma) > - new worms detected: > o Scalper (FreeBSD/Apache chunked encoding worm) > o Slapper (Apache/mod_ssl Worm) > > Since gladiator is still syncing, the RPM will be available here: > > http://www.tanners.org/~tanner/downloads/RPMS/ There's a bug in the chkrootkit script where it requires that the chkproc executable be in the same directory the script is running in. It isn't in a normal install from your rpm (unless you run chkrootkit from /usr/bin). And it says nothing is wrong with my system, which I'm nearly certain is false (probably an LKM). Key executables change over time, and when a changed one is run extra processes are spawned. And they usually hang. I think I've got a partial, failed, installation of something on my server. Bah, humbug. -- David Dyer-Bennet, dd-b at dd-b.net / http://www.dd-b.net/dd-b/ John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net Dragaera mailing lists, see http://dragaera.info