1833814 Members
2381 Online
110063 Solutions
New Discussion

hp-ux and chkrootkit

 
SOLVED
Go to solution
Mark Vollmer
Advisor

hp-ux and chkrootkit

Is chkrootkit from www.chkrootkit.org a reliable tool for hpux 10.20, 11.0, 11.11?

I am having difficulty compiling for 11.0.

Does the chkrootkit shell script produce reliable results without compiling the chklastlog, chkutmp, chkwtmp, ifpromisc?
msv.vollmer@gmail.com
3 REPLIES 3
harry d brown jr
Honored Contributor
Solution

Re: hp-ux and chkrootkit

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=249747

live free or die
harry d brown jr
Live Free or Die
Mark Vollmer
Advisor

Re: hp-ux and chkrootkit

I was able to compile all the chkrootkit programs using your suggestions...Thank you very much.

The chkrootkit works fine for hpux 11.0, but I am having difficulty with the actual chkrootkit shell script on hpux 11i and 1020. It reports that the login binary is infected.

I have removed and reinstalled the latest cumulative login patch for both versions. Completed an swverify. Compared the chksum output to the patch readme... It looks fine.
HPUX 11.11 PHCO_27694 cumulative login
HPUX 10.20 PHCO_25591 cumulative login

Any suggestions for 10.20 and 11.11?
msv.vollmer@gmail.com
Florian Heigl (new acc)
Honored Contributor

Re: hp-ux and chkrootkit

Same here on 11.11:
Checking `login'... INFECTED

Patches to login on my system:
PHCO_27694 login(1) cumulative patch
PHCO_28194 logins(1M) patch.
PHSS_28388 HP DCE/9000 1.8 Integrated Login cum. patch


Unfortunately I can't say for sure that the program is wrong - this system is quite well patched, but still it has an open sshd to the outside world ;)

I'll try to setup an fresh 11.11 on a test box and record the result there. (unpatched, that is)
yesterday I stood at the edge. Today I'm one step ahead.