[TriLUG] Re: [GoLugTech] weird time stuff in FC3

Marc Maxwell linuxr at gmail.com
Fri Nov 26 10:52:27 EST 2004 

On Fri, 26 Nov 2004 10:30:07 -0500 (EST), Mike Norwood
<norwoodm at earthlink.net> wrote:
> 
> 
> Hi,
> 
> I am not sure if anyone replied to you yet, but as far as checkrootkit
> goes, you should just be able to download it, then untar it, then in that
> directory, type "make sense"  and then as root ./chkrootkit
> 
> I am not sure I understand the output that you had from your command.
> 
> Mike
> 
> 
> 
> On Wed, 24 Nov 2004, linux r wrote:
> 
> > On Mon, 22 Nov 2004 16:14:11 -0500, linux r <linuxr at gmail.com> wrote:
> >
> > Hello,  I am still having a problem with the machine showing Moscow
> > time on FC3.  I have done all I know to do, and changing the time
> > didn't help. Now I want to know if it is being compromised.
> >
> > Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2004-11-25 20:06 EST
> > Interesting ports on localhost.localdomain (127.0.0.1):
> > (The 65529 ports scanned but not shown below are in state: closed)
> > PORT      STATE SERVICE
> > 22/tcp    open  ssh
> > 25/tcp    open  smtp
> > 111/tcp   open  rpcbind
> > 631/tcp   open  ipp                  ?
> > 5335/tcp  open  unknown    <-----?
> > 32769/tcp open  unknown    <------?
> >
> > I think I've been had. What do you think ?  How do I turn off a port
> > at the command line?
> >
> > Also I am installing chkrootkit.  Here is what I've got so far.
> >
> > [root at 202 chkrootkit-0.44]# mkdir /var/adm
> > [root at 202 chkrootkit-0.44]# echo " " >/var/adm/wtmp
> > [root at 202 chkrootkit-0.44]# echo " " >/var/adm/lastlog
> > [root at 202 chkrootkit-0.44]# http://www.start-linux.com/chkrootkit
> > bash: http://www.start-linux.com/chkrootkit: No such file or directory
> > [root at 202 chkrootkit-0.44]#
> >
> > I haven't run checkroot yet and apparrently there is some specific
> > verbiage for FC (3 in this case).  Can anyone tell me what to do to
> > get chkroot on there and then how to run it?
> >
> > Cheers,
> > Marc

Thanks MIke.   With your help I got chkrootkit to run its script and
everything looks good after all.  I think I can safely assume this is
a bug and file a report on it.

Thanks everybody for the help.  
Marc

More information about the TriLUG mailing list