
Thread: help please is this a chkrootkit false positive - bindshell - not geek enough

  1. #11
    Join Date
    Aug 2013
    Beans
    78

    Re: help please is this a chkrootkit false positive - bindshell - not geek enough

    "Yes, that helps. Next time please tell us earlier on though."

    Good point. If something like this happens again I'll do that.

    "I suggest you keep a copy of your Integrit database with your other off-line backups"

    Yes I plan to start doing that of course, now. I guess in the scenario that I experienced I could have run integrit twice, a check with each database, and then compared the results to get an idea of what was different and why.

    May I ask you: if you think I'm being too quick to decide that it was a false positive then please tell me (I'll look at this thread), because I have the impression that you and also Samiux think it was; I think so, but I'm not anywhere near as well informed as you both. If I see a post like that from you then I won't mark it solved until I do more checking. But if the main ordeal is done then I think it might help others if I mark it solved.

    Thanks again.

  2. #12
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: help please is this a chkrootkit false positive - bindshell - not geek enough

    Quote: Originally posted by a-you
    I guess in the scenario that I experienced I could have run integrit twice, a check with each database, and then compared the results to get an idea of what was different and why.
    Yes!


    Quote: Originally posted by a-you
    if the main ordeal is done then I think it might help others if I mark it solved.
    Now you know how to check things. So please mark the thread solved, yes.

  3. #13
    Join Date
    Aug 2013
    Beans
    78

    Re: help please is this a chkrootkit false positive - bindshell - not geek enough

    In all fairness I think I understand *how* to approach the process of checking. It's just that for those of us that are relatively new to GNU/Linux there's so much that we're not *familiar* with in the OS, that's all. In the above situation it seemed likely that somebody more familiar could look at the symptoms and right away recognize either that it was a false positive, or that it might not be. It's kind of a digression, so I'll be real brief, but as a firm believer in the principles that Ubuntu aspires to uphold, I certainly help people in areas that are, let's say, my field of expertise, so I didn't feel like it was excessive to ask for OS help in this situation.

    Anyway seriously unspawn, your advice was much appreciated and I'm truly grateful. It was nice of you to modestly say you're "no expert" but compared to those of us that are relative n00bs, you're way ahead. Thanks again, and to Samiux too!!!
    Last edited by a-you; September 3rd, 2013 at 09:05 PM.

  4. #14
    Join Date
    Aug 2009
    Beans
    Hidden!

    Re: help please is this a chkrootkit false positive - bindshell - not geek enough

    Quote: Originally posted by a-you
    In all fairness I think I understand *how* to approach the process of checking. It's just that for those of us that are relatively new to GNU/Linux there's so much that we're not *familiar* with in the OS, that's all.
    That I can understand.


    Quote: Originally posted by a-you
    (..) as a firm believer in the principles that Ubuntu aspires to uphold, I certainly help people in areas that are, let's say, my field of expertise, so I didn't feel like it was excessive to ask for OS help in this situation.
    No such thing as excessive questions. Asking questions isn't stupid but NOT asking is.


    Quote: Originally posted by a-you
    In the above situation it seemed likely that somebody more familiar could look at the symptoms and right away recognize either that it was a false positive, or that it might not be.
    I don't want to come across as lecturing so I'll try and keep it brief. One of the UNIX mantras is "everything is a file" from which (for me at least) naturally follows "measuring is knowing". What personally irks me are "don't worry" one-liners. They're not helpful because they teach the OP nothing and consequently keep the OP from verifying things her/himself. And anyone can make mistakes or misread things leading to improper analysis. Combine that with not asking exactly why it's fine and you'll see what a disservice saying "don't worry" actually is when it comes to responsibility, sharing information and creating self-reliance.

    *If this was too long then just think Fish vs Fishing Rod :-]

  5. #15
    Join Date
    Aug 2013
    Beans
    78

    Re: help please is this a chkrootkit false positive - bindshell - not geek enough

    "I don't want to come across as lecturing so I'll try and keep it brief. One of the UNIX mantras is "everything is a file" from which (for me at least) naturally follows "measuring is knowing". What personally irks me are "don't worry" one-liners. They're not helpful because they teach the OP nothing and consequently keep the OP from verifying things her/himself. And anyone can make mistakes or misread things leading to improper analysis. Combine that with not asking exactly why it's fine and you'll see what a disservice saying "don't worry" actually is when it comes to responsibility, sharing information and creating self-reliance."

    I think you are very right in this. And well said. I can say that I do appreciate the "don't worry" comments too though, in a situation where one doesn't know where to start looking it's helpful when they come from somebody that knows from whence they speak. But really I (and I think most of us) especially appreciate the "how to fish" suggestions, vs just "here's a fish".

    So thanks again.
    Last edited by a-you; September 9th, 2013 at 07:58 PM.
