Over the last few days, I've seen the following type of entry in my
snort report:
The distribution of event methods
===
%# of method
===
5.81 5 (portscan) TCP Portsweep
3
On Mon, April 18, 2005 09:35, Sigmund Straumsnes wrote:
> Check /usr/bin/slocate with lsattr.
>
> rootkits may set attributes to prevent overwriting infected files, so you
> could check for intrusion.
Thanks, you are indeed correct that the attributes had been changed. I
will start investigating
Hello people,
When upgrading to the recent slocate security update, it fails to install
on one of my woody systems. It installs on my other systems, but I can't
find where the problem is. I get the following messages. Any help in
resolving this is appreciated.
Regards,
Thijs Kinkhorst
Preparing to
3 matches
Mail list logo
