Weird Network Manager Problem (Updated)
JB
jb.1234abcd at gmail.com
Sun Sep 26 06:19:27 UTC 2010
Mike Dwiggins <mike <at> azdwiggins.com> writes:
>
> JB,
>
> I figured you or someone else might like to know this. I killed the dhc
> process and cleaned up the .conf files, did a restart on Network Manager
> and everything worked!
>
> Ran chkrootkit and it hit on netstat as Infected (imagine that). It
> also reported a possible LKM Trojan intrusion. I then ran rkhunter and
> it threw warnings on the following files:
> /bin/netstat
> /bin/ps
> /usr/bin/top
> /usr/bin/lsof
>
> It also reported undocumented password change and group file changes.
>
> Password I could see with me going through Webmin to reset the root
> password, but I was careful to change nothing else, much less groups!
>
> I rebooted and the problem was back just as before!
>
> With that I threw up my hands and have WipeDrive going on the drives in
> DoD mode!
>
> Hope this might help someone!
>
> Again thanks for the help!
>
Hi,
congratulations, even if that does not seem appropriate :-)
You should test your other servers with both security programs as well.
You should do it on a regular basis, by the way.
Rkhunter installs as a cron job as well and sends a report to your system mail
box.
# ls /etc/cron.daily/
... rkhunter ...
Keep around some good (and up-to-date) live CD (Knoppix, etc.) that also has
those security programs on it (check that beforehand).
It must be kept up-to-date (downloaded and burned) frequently due to changes in
attack pattern recognition.
But it is safer to perform the scan from read-only media.
There is a clear sense of apprehension in the Fedora community :-)
JB
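
An added example, not part of the original post: one way to follow the read-only-media advice is to boot a live CD, mount the suspect root filesystem read-only, and compare the binaries rkhunter warned about against SHA-256 hashes recorded while the system was known-good. The mount point, the manifest file and the function names below are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread).
# Assumptions: the suspect root is mounted read-only from live media, e.g. at
# the hypothetical path /mnt/suspect, and a baseline manifest was saved off-box
# earlier. Manifest format matches sha256sum output: "<hash>  <absolute path>".

# make_manifest ROOT FILE...
# Record a baseline for the given absolute paths under ROOT (run while clean).
make_manifest() {
    local root=$1 path
    shift
    for path in "$@"; do
        printf '%s  %s\n' "$(sha256sum "$root$path" | cut -d' ' -f1)" "$path"
    done
}

# check_binaries ROOT MANIFEST
# Prints OK / CHANGED / MISSING per file; returns 0 only if every file matches.
check_binaries() {
    local root=$1 manifest=$2 status=0 want path have
    while read -r want path; do
        [ -z "$want" ] && continue
        if [ ! -f "$root$path" ]; then
            echo "MISSING $path"
            status=1
            continue
        fi
        # Hash with the live CD's own sha256sum, not a tool from the suspect disk.
        have=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK $path"
        else
            echo "CHANGED $path"
            status=1
        fi
    done < "$manifest"
    return "$status"
}

# Baseline (clean system):  make_manifest / /bin/netstat /bin/ps /usr/bin/top /usr/bin/lsof
# Check (from live media):  script.sh /mnt/suspect baseline.sha256
if [ "$#" -eq 2 ]; then
    check_binaries "$1" "$2"
fi
```

Keep the manifest somewhere the compromised host cannot write to, since a baseline stored on the same disk can be altered along with the binaries.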