Ben Lutgens <blutgens at sistina.com> writes: > On Tue, Sep 17, 2002 at 02:16:44PM -0500, David Dyer-Bennet wrote: > > > >There's a bug in the chkrootkit script where it requires that the > >chkproc executable be in the same directory the script is running in. > >It isn't in a normal install from your rpm (unless you run chkrootkit > >from /usr/bin). > > So grab the tarball, uncompress, cd, type make, then run the bin.... So reporting the problem up the chain I got it through is for some reason inapprorpiate? I figured out the immediate workaround and used it, but I thought mentioning the issue was good too. Yeah, I could have make a patch, but since I installed from RPM I didn't have the tarball handy. > It's pretty stupid to install it and leave it installed on a box as it > could be replaced by and cracker upon compromise anyway. Generally one > compiles and copies to a "rescue" cd or some such. Who said anything about *leaving* it installed? (or at least using the version left installed) That's your invention. > >And it says nothing is wrong with my system, which I'm nearly certain > >is false (probably an LKM). Key executables change over time, and > >when a changed one is run extra processes are spawned. And they > >usually hang. I think I've got a partial, failed, installation of > >something on my server. Bah, humbug. > > And is this victim still connected to the 'Net? If so, why? Sure is. Can't fix it without finding what's wrong. -- David Dyer-Bennet, dd-b at dd-b.net / http://www.dd-b.net/dd-b/ John Dyer-Bennet 1915-2002 Memorial Site http://john.dyer-bennet.net Dragaera mailing lists, see http://dragaera.info