Date: Thu, 20 Sep 2007 08:34:24 +0100
From: Mark
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Hacked by association?

On 20/09/2007, Grant wrote:
> > equery check sys-process/procps
> > equery check sys-apps/coreutils
>
> These check out.

Chances are you are fine then.

> chkrootkit reports no problems whatsoever which is actually kind of
> weird as I remember some things being reported last time I ran it, but
> I looked into them then and they weren't a problem.

The last time? Be careful: chkrootkit/rkhunter should always be used on
the fly; leaving them on a system could allow them to be compromised and
therefore negate the checks they run.

> rkhunter reports no problems but it says it couldn't determine the OS
> so MD5 checks were skipped.

Which doesn't matter as you checked out with the equery.

One other thing to check is to look for additional user (or root / toor)
accounts. A cracker may well have added one to allow them access after
the fact.

Still, I would be of the opinion that you are safe.

Thanks

Mark
--
gentoo-user@gentoo.org mailing list
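
The account check suggested in the message above, as an added example that is not part of the original thread: a shell function that reads a passwd-format file and reports extra UID 0 names (such as toor), names sharing a UID, and login-capable accounts missing from a known-good list. The function name `audit_passwd`, the optional baseline file and the output labels are assumptions made for this illustration, and the sample passwd content is constructed.

```shell
#!/bin/sh
# audit_passwd [passwd_file] [baseline_file]
# baseline_file (hypothetical): known-good login names, one per line.
audit_passwd() {
    passwd_file="${1:-/etc/passwd}"
    baseline="${2:-}"
    awk -F: -v baseline="$baseline" '
        BEGIN {
            if (baseline != "")
                while ((getline name < baseline) > 0) known[name] = 1
        }
        /^#/ || NF == 0 { next }
        NF != 7 { print "MALFORMED line " NR ": " $0; next }
        {
            user = $1; uid = $3; shell = $7
            # Any name on UID 0 other than root is a second root account.
            if (uid == 0 && user != "root") print "UID0 " user
            # Two names on one UID share ownership of the same files.
            if (uid in seen) print "DUPUID " user " shares uid " uid " with " seen[uid]
            else seen[uid] = user
            # With a baseline, report login-capable names that are not in it.
            if (baseline != "" && !(user in known) && shell !~ /(nologin|false)$/)
                print "NEW " user " shell=" shell
        }
    ' "$passwd_file"
}

# Constructed sample (not from the thread): a passwd file with an extra UID 0 name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0::/root:/bin/bash
grant:x:1000:1000::/home/grant:/bin/bash
EOF
audit_passwd "$sample"
rm -f "$sample"
```

Pointing the function at a passwd file read from a mounted disk on a known-good system follows the same reasoning the message gives for not trusting checking tools left on the host.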