Code [rootkit001f]
A test was run on the 'ls' command to determine if it 'sees' certain pathnames (e.g., '...', 'bnc', 'war', etc.). Tiger creates a temporary directory, creates files with known hacker program names/directories, and attempts an 'ls'. If the 'ls' does not recognize the file, a FAIL is issued.
Code [rootkit002f]
A test was run on the 'find' command to determine if it 'sees' certain pathnames (e.g., '...', 'bnc', 'war', etc.). Tiger creates a temporary directory, creates files with known hacker program names/directories, and attempts a 'find'. If the 'find' does not recognize the file, a FAIL is issued.
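The test described for rootkit001f and rootkit002f, written out as a shell function. This is an added example, not Tiger's own code: the names check_tool and filtered_ls and the output format are assumptions, and only the three decoy names come from the text above.

```shell
#!/bin/sh
# Decoy names quoted in the message text; extend the list as needed.
NAMES="... bnc war"

# check_tool LABEL CMD [ARGS...]
# Populates a scratch directory with the decoy names, runs CMD inside it and
# prints a FAIL line for every name missing from CMD's output.
# Returns 0 if all names are listed, 1 if any is hidden, 2 on setup failure.
check_tool() {
    label=$1; shift
    dir=$(mktemp -d) || return 2
    for n in $NAMES; do : > "$dir/$n" || { rm -rf "$dir"; return 2; }; done
    out=$(cd "$dir" && "$@" 2>/dev/null)
    rc=0
    for n in $NAMES; do
        # Whole-line, fixed-string match; sed drops find's leading "./".
        if ! printf '%s\n' "$out" | sed 's|^\./||' | grep -Fxq -- "$n"; then
            echo "FAIL: $label does not show '$n'"
            rc=1
        fi
    done
    rm -rf "$dir"
    return $rc
}

# Constructed stand-in for a trojaned 'ls' that filters one name (assumption,
# used only to show what a FAIL looks like).
filtered_ls() { ls -a | grep -vx 'bnc'; }

check_tool ls ls -a    || echo "ls hides entries"
check_tool find find . || echo "find hides entries"
check_tool filtered_ls filtered_ls || echo "(expected FAIL from the constructed filter)"
```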
Code [rootkit003w]
The 'chkrootkit' program has detected a suspicious directory which might be an indication of an intrusion. A full analysis of the system is recommended to determine the presence of further signs of intrusion since a rootkit might have been installed.
Code [rootkit004w]
The 'chkrootkit' program has detected a possible rootkit installation. A full analysis of the system is recommended to determine the presence of further signs of intrusion since a rootkit might have been installed.
Code [rootkit005a]
The 'chkrootkit' program has detected a rootkit installation. A full analysis of the system is recommended to determine the presence of further signs of intrusion and to determine if the rootkit is indeed installed.
Code [rootkit006a]
A rootkit is installed by intruders in systems which have been successfully compromised and in which they have obtained full administrator privileges. The installation of a rootkit is an indication of a major system compromise.
If the installation of a rootkit is confirmed, you are encouraged to power off the system and follow the steps outlined in "Steps for Recovering from a UNIX or NT System Compromise" (http://www.cert.org/tech_tips/root_compromise.html).