I'm using CentOS 4.3 as my email server, postfix as MTA, and
open-xchange as webmail.
I installed chkrootkit and rkhunter. The configuration is rkhunter
and chkrootkit will execute evry 3am and email its result to the
administrator account.
I found this report with chkrootkit and also was surprised that and
email account was
created. I think that the system is compramized.
How do I deal with this issue?
A help is well appreciated.
Thanks,
Sandeil
Here is the output of chkrootkit:
---------
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... You have 2 process hidden for readdir command
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
Checking `rexedcs'... not found
Checking `sniffer'... eth0: PF_PACKET(/usr/sbin/snort-plain)
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... chkutmp: nothing deleted
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List plug@lists.linux.org.ph (#PLUG @ irc.free.net.ph) Read the Guidelines: http://linux.org.ph/lists Searchable Archives: http://archives.free.net.ph
