Anne Wilson wrote:
I run chkrootkit daily. For the first time I've got reports of a problem -
Checking `bindshell'... INFECTED (PORTS: 1008)
The page http://fatpenguinblog.com/scott-rippee/checking-bindshell-infected-ports-1008/
suggests that this might be a false positive, so I ran 'netstat -tanup' but
unlike the report, it wasn't famd on the port. It was
tcp 0 0 0.0.0.0:1008 0.0.0.0:* LISTEN 3797/rpc.mountd
It looks as though certain services are marked as suspicious when they grab
port 1008. I tried to find how to restart the service, but without success,
but a reboot put rpc.mountd onto another port, and chkrootkit no longer
reports a problem. (I had rebooted last evening after an update including a
kernel version.)
I think that it really was a false alarm, but I would really like to know how
I could restart that service without rebooting. system-config-services didn't
do the trick, and I simply didn't know what else to try. In case I meet this
again, can you please advise me?
Anne
------------------------------------------------------------------------
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
Anne, I believe an nfs restart should do it - you may consider setting
rpc to a specific port in /etc/sysconfig/nfs - plenty of comments in the
file to help - this is also useful if you firewall and need to use nfs.
HTH
Rob
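Added example, not part of the original thread: a shell sketch of the triage Anne did by hand. It maps a port flagged by chkrootkit to the listening process and checks whether that port is also registered with the portmapper. The function names and the sample data are constructed for illustration; only the tcp line for port 1008 comes from the thread.

```shell
#!/bin/sh
# Triage a port flagged by chkrootkit's bindshell test, using saved output of
# `netstat -tanup` and `rpcinfo -p` (run netstat as root to see PID/Program).

# port_owner PORT NETSTAT_FILE -> "PID/program" of each listener on PORT
port_owner() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            n = split($4, a, ":")          # local address; last piece is the port
            if (a[n] != port) next
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next
            print $NF                      # PID/Program name column
        }' "$2" | sort -u
}

# rpc_service PORT RPCINFO_FILE -> RPC service names registered on PORT
rpc_service() {
    awk -v port="$1" '$1 ~ /^[0-9]+$/ && $4 == port { print $5 }' "$2" | sort -u
}

# triage PORT NETSTAT_FILE RPCINFO_FILE -> one-line summary
triage() {
    owner=$(port_owner "$1" "$2" | tr '\n' ' ' | sed 's/ $//')
    svc=$(rpc_service "$1" "$3" | tr '\n' ' ' | sed 's/ $//')
    if [ -z "$owner" ]; then
        echo "port $1: no listener found"
    elif [ -n "$svc" ]; then
        echo "port $1: $owner, registered with portmapper as $svc"
    else
        echo "port $1: $owner, not registered with portmapper"
    fi
}

# Constructed sample input (only the port 1008 tcp line is from the thread)
tmp=$(mktemp -d)
cat > "$tmp/netstat.txt" <<'EOF'
Proto Recv-Q Send-Q Local Address   Foreign Address State   PID/Program name
tcp        0      0 0.0.0.0:1008    0.0.0.0:*       LISTEN  3797/rpc.mountd
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN  2101/sshd
EOF
cat > "$tmp/rpcinfo.txt" <<'EOF'
   program vers proto   port
    100000    2   tcp    111  portmapper
    100005    3   tcp   1008  mountd
EOF
triage 1008 "$tmp/netstat.txt" "$tmp/rpcinfo.txt"
triage 22   "$tmp/netstat.txt" "$tmp/rpcinfo.txt"
```

A process name alone can be spoofed, so a match here is a starting point for confirming the false positive, not proof. Pinning mountd with MOUNTD_PORT in /etc/sysconfig/nfs, as Rob suggests, keeps it off the ports chkrootkit flags.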