Re: [Vserver] Vserver Chkrootkit result: SIGINVISIBLE Adore found

From: Ugo Rebaudo <u.rebaudo_at_rebit.it>
Date: Mon 03 Apr 2006 - 21:05:37 BST
Message-ID: <44318011.4040509@rebit.it>

dpkg -l result:

ii kernel-image-2 2.4.27-10sarge Linux kernel image for version 2.4.27 n 386
ii kernel-package 8.135 A utility for building Linux kernel related
ii kernel-patch-v 1.9.5.5 context switching virtual private servers -
ii kernel-source- 2.4.27-10sarge Linux kernel source for version 2.4.27 with

My procedure:

apt-get install kernel-package kernel-source-2.4.27 kernel-patch-vserver ncurses-dev libdb3-dev initrd-tools
..
..
..
gunzip -c /usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff.gz > /usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff

patch -p1 < /usr/src/kernel-patches/diffs/vserver/patch-2.4.27-9-vs1.2.10-2.diff

I run chkrootkit inside the guest (virtual server)

Please send me the result of your test,

Best,

Ugo Rebaudo.

Herbert Poetzl wrote:
> On Mon, Apr 03, 2006 at 05:24:02PM +0200, Ugo Rebaudo wrote:
>> Incredible!!!
>> with all the newly created vservers I have this problem:
>>
>> chkrootkit result
>> Possible LKM Trojan installed found!!!
>>
>> I have tried changing many mirror sources
>> without resolving the problem....
>>
>> help me!
>
> interesting ... what patch version is that?
>
> when I find a few minutes, I will check if that
> is 'normal' for the chkrootkit on a vserver
> patched kernel, but it sounds suspicious
>
> do you run it inside the guest or on the host?
>
> best,
> Herbert
>
>> reby.
>>
>>
>> Result of chkrootkit version 0.44:
>> ...
>> ...
>> Checking `lkm'... SIGINVISIBLE Adore found
>> Warning: Possible LKM Trojan installed
>> ...
>> ...
>>
>>
>> My configuration:
>>
>> linux:/# vserver-info
>> Versions:
>> Kernel: 2.4.27
>> VS-API: 0x00010004
>> util-vserver: 0.30.204; Dec 20 2005, 16:58:50
>>
>> Features:
>> CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13)
>> CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13)
>> CPPFLAGS: ''
>> CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W'
>> CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0'
>> build/host: i386-pc-linux-gnu/i386-pc-linux-gnu
>> Use dietlibc: yes
>> Build C++ programs: yes
>> Build C99 programs: yes
>> Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
>> ext2fs Source: e2fsprogs
>> syscall(2) invocation: fast
>> vserver(2) syscall#: 273/glibc
>>
>> Paths:
>> prefix: /usr
>> sysconf-Directory: /etc
>> cfg-Directory: /etc/vservers
>> initrd-Directory: $(sysconfdir)/init.d
>> pkgstate-Directory: /var/run/vservers
>> Kernelheaders: /usr/include
>> vserver-Rootdir: /var/lib/vservers
>>
>> _______________________________________________
>> Vserver mailing list
>> Vserver@list.linux-vserver.org
>> http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Mon Apr 3 21:06:08 2006

Generated on Mon 03 Apr 2006 - 21:06:13 BST by hypermail 2.1.8