[Asterisk-Users] Does Asterisk overwrite any libraries?
TeleSIP
ricvil at telesip.net
Wed Dec 3 20:42:40 MST 2003
A good rootkit will also modify the date and time of the replaced binaries
so they will look the same as the original.
Try to replace your "ps" command with that from a trusted RH9 machine. If
it works ok then you must do a clean install to get rid of the rootkit.
----- Original Message -----
From: "Paul Oster" <devious at minot.com>
To: <asterisk-users at lists.digium.com>
Sent: Wednesday, December 03, 2003 10:24 PM
Subject: Re: [Asterisk-Users] Does Asterisk overwrite any libraries?
> Looks like your box has been compromised. Try
>
> ls -l `which ps`
>
> You'll probably find an inappropriate date. Whenever I've diagnosed
> problems like this, I've found badly installed rootkits.
>
> To address this on my production machines, I'm going to instruct the
> router to only allow traffic that is coming from trusted locations
> to connect to the box anyplace.
>
> I really hope I'm wrong about this Costas, but you should probably start
> verifying your binaries.
>
> If your machine has been compromised, a clean install, and patch with
> all the updated RPMS is a recommended solution.
>
> Paul
> costas wrote:
>
> >I am using a brand new RH9.0 installation. I installed Asterisk
> >afterwards so I am not sure if Asterisk caused the problem below. The ps
> >doesn't work. It could also be something else. I also tried installing
> >some video package. But I thought to ask here first if someone has seen this
> >before.
> >
> >[root@localhost asterisk]# ps
> >ps: error while loading shared libraries: libproc.so.2.0.6: cannot open shared object file: No such file or directory
> >
> >[root@localhost asterisk]# which ps
> >/bin/ps
> >
> >Thanks
> >Costas
> >
> >--
> >Costas Menico
> >Meezon Software Corp
> >201-224-8111
> >costas at meezon.com
> >
> >--
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
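The replies above recommend verifying binaries and note that a replaced file's date can be reset to match the original. As an added example (not part of the thread), this POSIX shell check compares files against SHA-256 digests recorded on a trusted machine instead of relying on `ls -l` dates; the function names, manifest layout and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: digest-based verification of system binaries.
# Manifest lines use sha256sum's layout: "<hex digest>  <absolute path>",
# generated on a trusted machine of the same release.

# verify_against_manifest MANIFEST [ROOT]
# ROOT is an optional prefix (e.g. where the suspect disk is mounted).
# Prints one status line per file; returns 1 if any file is missing or differs.
verify_against_manifest() {
    manifest=$1; root=${2:-}; failed=0
    while read -r want path; do
        [ -n "$want" ] || continue
        if [ ! -f "$root$path" ]; then
            echo "MISSING $path"; failed=1; continue
        fi
        got=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK $path"
        else
            echo "MISMATCH $path"; failed=1
        fi
    done < "$manifest"
    return "$failed"
}

# demo: constructed sample data. The suspect "ps" has the same size and the
# same modification time as the trusted one, so a date check sees nothing.
demo() {
    dir=$(mktemp -d) || return 2
    mkdir -p "$dir/trusted/bin" "$dir/suspect/bin"
    printf 'original ps\n' > "$dir/trusted/bin/ps"
    printf 'original ls\n' > "$dir/trusted/bin/ls"
    # Record the baseline with absolute paths, as it would be on a trusted host.
    (cd "$dir/trusted" && sha256sum bin/ps bin/ls | sed 's|  |  /|') > "$dir/manifest"
    cp -p "$dir/trusted/bin/ls" "$dir/suspect/bin/ls"
    printf 'replaced ps\n' > "$dir/suspect/bin/ps"
    touch -r "$dir/trusted/bin/ps" "$dir/suspect/bin/ps"   # copy the timestamp
    rc=0
    verify_against_manifest "$dir/manifest" "$dir/suspect" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "=> at least one file differs from the trusted baseline"
```

On a host that may be compromised, run the check with a shell and `sha256sum` from trusted media against the mounted disk, since replaced tools on the running system can report false results.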