Ben Lutgens <blutgens at sistina.com> writes:

> On Tue, Sep 17, 2002 at 02:16:44PM -0500, David Dyer-Bennet wrote:
> >
> >There's a bug in the chkrootkit script where it requires that the
> >chkproc executable be in the same directory the script is running in.
> >It isn't in a normal install from your rpm (unless you run chkrootkit
> >from /usr/bin).
> 
> So grab the tarball, uncompress, cd, type make, then run the bin....

So reporting the problem up the chain I got it through is for some
reason inapprorpiate?  I figured out the immediate workaround and used
it, but I thought mentioning the issue was good too.  Yeah, I could
have make a patch, but since I installed from RPM I didn't have the
tarball handy.

> It's pretty stupid to install it and leave it installed on a box as it
> could be replaced by and cracker upon compromise anyway. Generally one
> compiles and copies to a "rescue" cd or some such.

Who said anything about *leaving* it installed?  (or at least using
the version left installed)  That's your invention.

> >And it says nothing is wrong with my system, which I'm nearly certain
> >is false (probably an LKM).  Key executables change over time, and
> >when a changed one is run extra processes are spawned.  And they
> >usually hang.  I think I've got a partial, failed, installation of
> >something on my server.  Bah, humbug.
> 
> And is this victim still connected to the 'Net? If so, why? 

Sure is.  Can't fix it without finding what's wrong.
-- 
David Dyer-Bennet, dd-b at dd-b.net  /  http://www.dd-b.net/dd-b/
 John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net
	   Dragaera mailing lists, see http://dragaera.info