On 2007-07-29, Douglas Allan Tutty <[EMAIL PROTECTED]> wrote: > On Sun, Jul 29, 2007 at 12:48:16PM +0000, Tyler Smith wrote: >> On 2007-07-29, Jeff D <[EMAIL PROTECTED]> wrote: > >> I ran rkhunter again, and then for good measure I aptitude --purged >> it, reinstalled, and ran again. And then I thought maybe the whole >> thing was compromised, so I purged it again, installed rkhunter 1.30 >> from sourceforge, and ran again. And I also ran chkrootkit. In all >> cases they showed nothing happening, except for warning me that some >> of my /bin executables had been replaced by scripts -- stuff like >> egrep, fgrep etc. >> >> So perhaps it was just a false positive. I'm going to read up on >> security stuff now, so maybe I'll have some idea how to proceed the >> next time. >> > > Its tricky. If you have been rooted, you can't trust anything on the > system, including aptitude. As for reading, try the package harden-doc. >
That's what I was thinking. But is there any way a rootkit could interfere with my downloading and compiling from source? I was hoping that doing things 'by hand' would limit the possibilities for compromising the result. I will look at harden-doc. I'm working through the Linux how-to security quick start at the moment. Thanks, Tyler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
