[plug] chkrootkit

Steve Grasso steveg at calm.wa.gov.au
Thu May 20 17:12:06 WST 2004


Hey Bill,

Is wted a log file? If so, copy /dev/null to the file?
That will leave file permissions/ownership/filetype intact while clearing it.

This is most useful for files like utmp and wtmp, but I may be way off the mark
regarding your use of chkrootkit. I've only ever used chkrootkit as a single
shot on sus machines.

Cheers,
Steve

Quoting William Kenworthy <billk at iinet.net.au>:

> I use chkrootkit on a number of machines and find that often when a
> machine crashes, it lists a deletion in wted - probably due to
> corruption of some file. One machine is getting quite a list
> (developed over a couple of years) so I am now looking for a way to
> reset/clear this data.  Can someone help with a hint as to how this can
> be done?
> 
> Thanks,
> BillK
> 
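
The clearing step suggested in the reply above, as an added example that is not part of the original thread: it keeps a hashed copy of the file first, since records cleared from wtmp are no longer available to a later investigation, then checks that inode, mode and ownership are unchanged after copying /dev/null over it. The helper names `clear_log` and `file_identity` are hypothetical, GNU coreutils on Linux is assumed, and the demo runs on a constructed temporary file rather than the real /var/log/wtmp.

```shell
#!/bin/sh
# Added example. clear_log and file_identity are hypothetical helper names.
# Assumes Linux with GNU coreutils (stat -c, sha256sum).

# Print "inode mode uid:gid" so a before/after comparison is possible.
file_identity() {
    stat -c '%i %a %u:%g' "$1"
}

# clear_log FILE ARCHIVE_DIR
# Keep a timestamped, hashed copy of FILE, then empty FILE in place by
# copying /dev/null over it. Prints the path of the archived copy.
clear_log() {
    log=$1
    dir=$2
    [ -f "$log" ] || { echo "not a regular file: $log" >&2; return 1; }
    name=$(basename "$log").$(date +%Y%m%d-%H%M%S)
    before=$(file_identity "$log")
    cp -p "$log" "$dir/$name" || return 1
    (cd "$dir" && sha256sum "$name" > "$name.sha256") || return 1
    # cp opens the existing file and truncates it; it is not replaced,
    # so inode, mode and ownership stay as they were.
    cp /dev/null "$log" || return 1
    [ "$(file_identity "$log")" = "$before" ] || {
        echo "identity of $log changed" >&2; return 1; }
    [ ! -s "$log" ] || { echo "$log is not empty" >&2; return 1; }
    echo "$dir/$name"
}

# Demo on a constructed stand-in file, not the real /var/log/wtmp.
work=$(mktemp -d) || exit 1
mkdir "$work/archive"
dd if=/dev/zero of="$work/wtmp" bs=384 count=3 2>/dev/null
chmod 664 "$work/wtmp"
echo "before: $(file_identity "$work/wtmp") size $(wc -c < "$work/wtmp")"
saved=$(clear_log "$work/wtmp" "$work/archive") || exit 1
echo "after:  $(file_identity "$work/wtmp") size $(wc -c < "$work/wtmp")"
echo "archived copy: $saved"
rm -rf "$work"
```

The archived copy can be re-verified later with `sha256sum -c` against the `.sha256` file written beside it.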








