Re: Chkrootkit - can't find 'strings'

From: Sam Miller (svekan_at_mindspring.com)
Date: 10/09/04 

Date: Sat, 09 Oct 2004 01:44:37 GMT

On Fri, 08 Oct 2004 09:33:10 +0100, Tim Haynes wrote:

> Sam Miller <svekan@mindspring.com> writes:
>
>> On Fri, 08 Oct 2004 04:14:57 +0000, Bit Twister wrote:
>>
>>> On Fri, 08 Oct 2004 04:03:51 GMT, Sam Miller wrote:
>>>> On Fri, 08 Oct 2004 03:05:15 +0000, Bit Twister wrote:
>>> . By the way, booting from Knoppix said ps was okay but ifconfig was
>>>> not. Md5sums checked again.
>>>
>>> Sounds like you are getting random results.
>>>
>>> I would run memtest86 or have a hardware problem.
>>
>> I believe you've got something there. By the way, copying /usr/bin/strings
>> from the one machine to the other got chkrootkit started again. I
>> downloaded the latest tarball and was given a clean slate.
>>
>> Dang, and this machine is less than a year old.
>
> Well, I'm surprised that you managed to have a linux box installed without
> strings(1) present, so either
> a) chkrootkit wasn't finding it (I find I have to be in /usr/sbin and type
> ./chkrootkit for it to find its component executables on gentoo, myself)
> b) there's hardware corruption shitting on your filesystems
> or
> c) some nasty eejit removed it as part of a borked rootkit install.

Thanks everyone for your help. I was told that /usr/bin/strings is
installed through binutils, so I reinstalled it and chkrootkit began
working again. I'm leaning towards (2) in the post above as I began having
problems with X and my video card at the same time. Reinstalling Nvidia's
driver solved that. Hoping that the minor thunderstorm yesterday caused
problems.

The system was wiped and reinstalled about a month ago with a firewall in
place before going online and Clamav as one of the first programs. I have
no services like telnet or the like open.

But I'll check and recheck using the tools and hints given me.

Thanks again.

Loading