[Techtalk] Re: Different usage betweed df and du
Wim De Smet
kromagg at gmail.com
Thu Jul 14 01:58:47 EST 2005
On 7/13/05, Sue Stones <suzo at spin.net.au> wrote:
> Wim De Smet wrote:
>
> >
> >A rootkit perhaps. But I'd think that they'd install a modified df and
> >not bother with the du.
> >
> How would you detect one?
chkrootkit usually does the trick. Monitoring the network traffic for
a while might be a good idea too, just in case. Seems more likely it's
a corrupt filesystem or something like that though.
greets,
Wim
More information about the Techtalk
mailing list