OT: security was Re: [PlanetCCRMA] Re: apt-get segfault

Guy Daniel CLOTILDE guy.clotilde@wanadoo.fr
Tue Feb 3 20:44:01 2004

I wrote / a écrit:
> OK, wget and rpm were bad, and some .pyc files.
> I was able to unpack a rpm package, copy the rpm binary to /usr/bin,
> then 'rpm -e wget' and then 'apt-get install wget' But now I'm quite
> worried... So I beg the mailing list for advice to detect if I've been
> rooted on my machine.

someone pointed me to www.chkrootkit.org, where I downloaded chkrootkit and launched it. Nothing wrong was found. Of course I have to launch chkrootkit from a clean machine and access the harddrive remotely to be totally sure.
Anyway, the ssh-agent that nestat found listening is 

	/bin/bash /usr/share/apps/switchdesk/Xclients

obviously something related to gdm.

What worried me was a mail telling me that some mails I send had a bad recipient, but it was a fake.