On Thu, Apr 24, 2003 at 07:32:01PM +0200, Kay-Michael Voit wrote:
>
> If I understand promisc mode, this is not a problem, so I can't fix
> it, so there will always be output (which I dont want, because cron
> sends a mail then)
Promiscuous mode is a sign of a running sniffer. Not necessarily
an
On Thu, 24 Apr 2003 19:32:01 +0200
Kay-Michael Voit <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: MD5
>
> DCE> for (1) I guess you can put the binaries in a read-only medium
> DCE> and run them from there, like a CD-ROM or a write-protected
> DCE> floppy/flash-medium.
>
It may be slightly unpure, but what's wrong with:
chkrootkit -q | grep -vE '(eth[0-9]+:*[0-9]* *is not
promisc)'
That would at least avoid triggering the mail from the
cron job.
Regards,
Josh
--- Kay-Michael Voit <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: MD5
>
> D
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
DCE> for (1) I guess you can put the binaries in a read-only medium and run
DCE> them from there, like a CD-ROM or a write-protected floppy/flash-medium.
Well, the attacker could just stop the cronjob... but great idea
though.
My server is a remote root
4 matches
Mail list logo
