> -----Original Message-----
> From: Adam Crews [mailto:adam.crews (at mark) gmail.com]
> Sent: Friday, December 29, 2006 10:01 PM
> To: coba-e (at mark) bluequartz.org
> Subject: [coba-e:08420] Re: System hacked?!?!?
>
> If you suspect you have been hacked, do not trust anything on the
> system to give you accurate readings. You should get netstat from an
> rpm, or other trusted system and use that binary. There are some
> rootkits that will install updated versions of lsof, netstat, ps, ls,
> and other useful tools that will hide the rootkit's existence.
>
> -Adam
>
I've considered doing that... BUT... the current netstat indicates the
ports are in use by sendmail & PortSentry. When I shut down portsentry &
sendmail and then run chkrootkit again (have now upgraded to V0.47) it shows
no bindshell issues.
I also installed rkhunter-1.2.8 yesterday and, while it doesn't recognize my
OS (and didn't run MD5 checks)... it finds no evidence of any rootkits.
--Will
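
Added example, not part of either message and not code from chkrootkit or rkhunter: a cross-view check in the spirit of the advice quoted above, comparing the listening TCP ports in the kernel's /proc/net/tcp table with what the installed netstat prints. The function names and both sample inputs are constructed for illustration.

```python
"""Cross-view check: listening TCP ports per the kernel's /proc/net/tcp table
versus what a (possibly replaced) netstat binary reports."""

# Caveat: a kernel-level rootkit can filter /proc as well, so agreement between
# the two views is not proof of a clean system. Run from trusted media if possible.

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def ports_from_proc(proc_text):
    """Listening ports from the text of /proc/net/tcp."""
    ports = set()
    for line in proc_text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) >= 4 and fields[3] == TCP_LISTEN:
            # local_address is HEXIP:HEXPORT
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def ports_from_netstat(netstat_text):
    """Listening ports from `netstat -tln` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def hidden_ports(proc_text, netstat_text):
    """Ports the kernel table lists as listening but netstat omits."""
    return sorted(ports_from_proc(proc_text) - ports_from_netstat(netstat_text))


# Constructed sample data, not taken from the system discussed in this thread.
SAMPLE_PROC = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0019 0100007F:8C3E 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
"""
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    print("listed by kernel, missing from netstat:", hidden_ports(SAMPLE_PROC, SAMPLE_NETSTAT))
```

On a live host, the two inputs would be the contents of /proc/net/tcp and the captured output of `netstat -tln`.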