debian-user-digest Digest V2007 #2052

Content-Type: text/plain

debian-user-digest Digest Volume 2007 : Issue 2052

Today's Topics:

  Re: /bin/login listening?             [ Jeff D  ]
  Re: dumb question about aAdobe Acrob  [ Douglas Allan Tutty  ]
  Re: /bin/login listening?             [ Tyler Smith  ]
  Re: Need newer software that include  [ "Tim Hull"  ]
  Re: DVD drive no longer mounts        [ "D. Kettler"  ]
  Re: dumb question about aAdobe Acrob  [ "Michael Fothergill"  ]
  Re: /bin/login listening?             [ Jeff D  ]

Date: Sat, 28 Jul 2007 13:35:06 -0700 (PDT) From: Jeff D <fixedored@gmail.com>
To: debian user <debian-user@lists.debian.org> Subject: Re: /bin/login listening?
Message-ID: <Pine.LNX.4.62.0707281325370.12185@proto.technobounce.com> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed

On Sat, 28 Jul 2007, Tyler Smith wrote:

> Hi,
>
> rkhunter has turned up a new warning for me:
>
>> Found warnings:
>> [16:37:42] Checking for packet capturing applications... Warning
>> [16:37:43] Warning! Process /bin/login (3888) listening
>> [16:37:43] Warning! Process /bin/login (3888) listening
>> [16:37:43] Warning! Process /bin/login (3888) listening
>> [16:37:43] Warning! Process /bin/login (3888) listening
>> [16:37:43] Warning! Process /sbin/dhclient (4197) listening
>> [16:37:43] WARNING, found: /etc/.java (directory) /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory)
>
> The /bin/login hasn't shown up before. Is this something I need to
> worry about?
>
> Thanks,
>
> Tyler
>
>
> --

Normally /bin/login shouldn't be listening. A couple things you could do to see if it is listneing is:
lsof -i -n | grep LISTEN
if it is listening, it should show up there. providing lsof hasnt been comprimised.
if you have another machine available to you, run an nmap scan on it like so:
nmap -sV hostname

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

if those show up true, it's likely that you have a rootkit installed and should pull the network cable from the machine and rebuild.

jeff

-+-
8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno.

Date: Sat, 28 Jul 2007 16:47:24 -0400
From: Douglas Allan Tutty <dtutty@porchlight.ca> To: debian-user@lists.debian.org
Subject: Re: dumb question about aAdobe Acrobat....

Message-ID: <20070728204724.GB10980@titan>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Sat, Jul 28, 2007 at 05:45:24PM +0000, Michael Fothergill wrote:
>
> I tried installing Adobe Acrobat from a tarball and it doesn't seem to
> work. It was a while ago now so I have forgotten exactly what I did and
> didn't do.
>
> It seems a bit complex because it tries to put it in Iceweasel as plugin or
> something and also as a stand alone program at the same time or
> something.......
>
> I don't remember it being as complex as this in the past.
>
> At a very dumb level is there an acrobat deb file somewhere that would be
> easy to install somewhere in the non free repository....?
>

Hi Michael,

I see you've had quite a discussion already.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

What is it about brand-name Acroread that you need? I've never used it; I use xpdf. If I have any KDE apps installed, I'll use Kpdf. I don't like gnome apps so don't use evince.

Yes amd64 has a couple of things that don't work because the closed-source apps aren't compiled for amd64. I have a chroot for a browser with adobe flash player.

The instructions in the amd64 howto/faq for setting up a chroot worked reasonably well. I installed schroot so that now its simple to make a button for icewm that will run the browser in its chroot.

Once you have an ia32 chroot, you can put anything you like into it.

Good luck,

Doug.

Date: Sat, 28 Jul 2007 16:52:24 -0400
From: Douglas Allan Tutty <dtutty@porchlight.ca> To: debian-user@lists.debian.org
Subject: Re: DVD drive no longer mounts

Message-ID: <20070728205224.GC10980@titan>
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

On Sat, Jul 28, 2007 at 01:01:48PM -0700, D. Kettler wrote:
> Sorry in advance for the long post, but I'm trying to provide any
> information that might be helpful for diagnosing the problem.
>
> The following is on an existing installation that has worked fine for some
> time now. I recently discovered that my DVD+-R/W drive will not even
> mount data discs, shortly after updating my Debian testing installation,
> though I am not yet convinced this has anything to dow with the update

What all got updated? Did you change kernels? Do you still have the old one?

You've only tested with the mount command. What about a command that reads disks without trying to mount them, such as cdck?

Doug.

Date: Sat, 28 Jul 2007 15:57:11 -0500
From: John Hasler <jhasler@debian.org>
To: debian-user@lists.debian.org
Subject: Re: dumb question about aAdobe Acrobat.... Message-ID: <876444jlg8.fsf@toncho.dhh.gt.org> Content-Type: text/plain; charset=us-ascii

Michael Fothergill writes:
> It worked OK but it didn't install acroread...

Do you actually _need_ acroread? Xpdf isn't good enough?

-- 
John Hasler

Date: 28 Jul 2007 21:06:31 GMT From: Tyler Smith <tyler.smith@mail.mcgill.ca> To: debian-user@lists.debian.org Subject: Re: /bin/login listening? Message-ID: <slrnfanfds.kfc.tyler.smith@blackbart.mynetwork> On 2007-07-28, Jeff D <fixedored@gmail.com> wrote:
>>> [16:37:43] Warning! Process /bin/login (3888) listening
>
> Normally /bin/login shouldn't be listening. A couple things you could do
> to see if it is listneing is:
> lsof -i -n | grep LISTEN
Here's what I got - no sign of /bin/login: lsof -i -n | grep LISTEN portmap 2578 daemon 4u IPv4 6938 TCP *:sunrpc (LISTEN) rpc.statd 2603 statd 8u IPv4 7009 TCP *:37381 (LISTEN) sshd 3026 root 3u IPv6 7668 TCP *:ssh (LISTEN) exim4 3385 Debian-exim 3u IPv4 7971 TCP 127.0.0.1:smtp (LISTEN) inetd 3661 root 4u IPv4 8254 TCP *:auth (LISTEN) famd 3721 tyler 3u IPv4 8323 TCP 127.0.0.1:929 (LISTEN) apache 3826 root 16u IPv4 9177 TCP *:www (LISTEN) apache 3827 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 3828 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 3829 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 3830 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 3839 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 21000 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 21001 www-data 16u IPv4 9177 TCP *:www (LISTEN) apache 21002 www-data 16u IPv4 9177 TCP *:www (LISTEN) identd 21568 identd 0u IPv4 8254 TCP *:auth (LISTEN) identd 21568 identd 1u IPv4 8254 TCP *:auth (LISTEN) identd 21568 identd 2u IPv4 8254 TCP *:auth (LISTEN)
> if it is listening, it should show up there. providing lsof hasnt been
> comprimised.
> if you have another machine available to you, run an nmap scan on it
> like so:
> nmap -sV hostname
I don't have another maching available. What do you think? Cheers, Tyler

Date: Sat, 28 Jul 2007 22:28:13 +0100 From: andy <geek_show@dsl.pipex.com> To: debian-user@lists.debian.org Subject: Re: A question of fonts Message-ID: <46ABB4ED.3040708@dsl.pipex.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Alan Ianson wrote:
> On Sat July 28 2007 12:30, Glen Pfeiffer wrote:
>
>> On 07/28/2007 12:20 PM, andy wrote:
>>
>>> Can I have a few recommendations please for the best fonts
>>> package to use for a desktop machine.
>>>
>> I have only installed one font package and have no experience
>> with any others.
>>
>> msttcorefonts
>>
>> It is available in the debian-multimedia repository.
>> http://www.debian-multimedia.org/
>>
>
> This package is in contrib. No need for debian-multimedia for this one.
>
>
>
I do have the latest msttcorefonts installed. It just looks crap with Xmms and sometimes Iceweasel seems difficult to read too. But certainly Xmms is the worst of the bunch. A -- "If they can get you asking the wrong questions, they don't have to worry about the answers." - Thomas Pynchon, "Gravity's Rainbow"

Date: Sat, 28 Jul 2007 17:30:36 -0400 From: "Tim Hull" <thully@umich.edu> To: debian-user@lists.debian.org Subject: Re: Need newer software that included with stable (that isn't at backports.org) Message-ID: <9a7c669e0707281430u4ebe8e7h4908641a427d351@mail.gmail.com> Content-Type: multipart/alternative; boundary="----=_Part_14662_27324481.1185658236230" ------=_Part_14662_27324481.1185658236230 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline
>
>
>
> Sure other OSs do: Try convincing OpenBSD that you want a newer kernel.
> They'll tell you to wait six months. OTOH, NetBSD is a hacker's dream.
> Take your pick. FreeBSD may also do what you need but I haven't used it
> yet.
>
> I agree that it would be nice to have something a litle more often than
> we get with Stable but a little more stable than Testing, but it doesn't
> exist. To make it exist would pull developers' time from the system as
> it stands.
>
> For this reason, and not in any way to tell you to go away, you may wish
> to consider one of the BSDs. They can run binary linux apps in
> compatibility mode while having a large repository of packages ready to
> install. Their pkg_add is very similar to apt-get; I haven't found
> anything equivalent to aptitude ncurses interface.
I must say I definitely did consider that. FreeBSD looks like a lot of what I may want - it's ports is second only to Debian's package tree in software available, and each port can be updated independently. On the other hand, its hardware support lags behind Linux somewhat. Debian actually seemed most in line with what I wanted, as it seems like the least monolithic of the distributions and the most stable. I even seem to remember a Debian developer speak of incorporating backports and making stable images with updated kernels for hardware support available at some point. In any case, I don't mean to irritate anyone. I'm just pointing out what I have found, by far, to be the #1 drawback of most Linux distributions - either you're stuck with what the distro gives you for n months, you install packages from some unofficial repo (if you're lucky), or you futz with tarballs - and see if anyone is working on solutions/is doing anything other than the obvious. ------=_Part_14662_27324481.1185658236230 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline <div><blockquote class="gmail_quote" style="margin:0;margin-left:0.8ex;border-left:1px #ccc solid;padding-left:1ex"><br><br>Sure other OSs do: Try convincing OpenBSD that you want a newer kernel.<br>They&#39;ll tell you to wait six months.&nbsp;&nbsp;OTOH, NetBSD is a hacker&#39;s dream. <br>Take your pick.&nbsp;&nbsp;FreeBSD may also do what you need but I haven&#39;t used it<br>yet.<br><br>I agree that it would be nice to have something a litle more often than<br>we get with Stable but a little more stable than Testing, but it doesn&#39;t <br>exist.&nbsp;&nbsp;To make it exist would pull developers&#39; time from the system as<br>it stands.<br><br>For this reason, and not in any way to tell you to go away, you may wish<br>to consider one of the BSDs.&nbsp;&nbsp;They can run binary linux apps in <br>compatibility mode while having a large repository of packages ready to<br>install.&nbsp;&nbsp;Their pkg_add is very similar to apt-get; I haven&#39;t found<br>anything equivalent to aptitude ncurses interface.</blockquote><div> <br class="webkit-block-placeholder"></div><div><br class="webkit-block-placeholder"></div><div>I must say I definitely did consider that. &nbsp;FreeBSD looks like a lot of what I may want - it&#39;s ports is second only to Debian&#39;s package tree in software available, and each port can be updated independently. &nbsp;On the other hand, its hardware support lags behind Linux somewhat. &nbsp;Debian actually seemed most in line with what I wanted, as it seems like the least monolithic of the distributions and the most stable. &nbsp;I even seem to remember a Debian developer speak of incorporating backports and making stable images with updated kernels for hardware support available at some point. &nbsp; </div><div><br class="webkit-block-placeholder"></div><div>In any case, I don&#39;t mean to irritate anyone. &nbsp;I&#39;m just pointing out what I have found, by far, to be the #1 drawback of most Linux distributions - either you&#39;re stuck with what the distro gives you for n months, you install packages from some unofficial repo (if you&#39;re lucky), or you futz with tarballs - and see if anyone is working on solutions/is doing anything other than the obvious. </div><br>&nbsp;</div><br> ------=_Part_14662_27324481.1185658236230--

Date: Sat, 28 Jul 2007 14:30:39 -0700 (PDT) From: "D. Kettler" <dkettler@u.washington.edu> To: debian-user@lists.debian.org Subject: Re: DVD drive no longer mounts Message-ID: <Pine.LNX.4.64.0707281426560.519@dante01.u.washington.edu> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed On Sat, 28 Jul 2007, Douglas Allan Tutty wrote:
> On Sat, Jul 28, 2007 at 01:01:48PM -0700, D. Kettler wrote:
>> Sorry in advance for the long post, but I'm trying to provide any
>> information that might be helpful for diagnosing the problem.
>>
>> The following is on an existing installation that has worked fine for some
>> time now. I recently discovered that my DVD+-R/W drive will not even
>> mount data discs, shortly after updating my Debian testing installation,
>> though I am not yet convinced this has anything to dow with the update
>
> What all got updated? Did you change kernels? Do you still have the
> old one?
>
It was just a normal apt-get update; apt-get upgrade. I didn't keep track of everything, but I didn't change kernels. Honestly, I'm not entirely sure the update was the problem but it's all that I could think of.
> You've only tested with the mount command. What about a command that
> reads disks without trying to mount them, such as cdck?
>
david@gosroth:~$ cdck -d /dev/hdb Unable to read TOC because unable to open cdrom '/dev/hdb', reason: No medium found One thing that actually does work is 'eject /dev/hdb', which of course doesn't have anything to do with reading but it does at least show that it is the right device.
> Doug.
>
Thanks. -- David Kettler dkettler@u.washington.edu

Date: Sat, 28 Jul 2007 14:38:44 -0700 From: "David Fox" <dfox94085@gmail.com> To: "Debian Users" <debian-user@lists.debian.org> Subject: lenny: getting non-free nvidia drivers issue Message-ID: <359a3c580707281438u181eeacdi8e70704c88d2b25d@mail.gmail.com> Content-Type: multipart/alternative; boundary="----=_Part_14609_2710788.1185658724427" ------=_Part_14609_2710788.1185658724427 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I'm browsing howto's at the moment and attempting to get the nvidia drivers (the non-free ones) the "debian" way. There doesn't seem to be an avalable version of nvidia-kernel-source for my particular kernel (I was running 2.6.18-4-k7, but I just upgraded to 2.6.21-2-k7 a few moments ago. I'm using http://home.comcast.net/~andrex/Debian-nVidia/, and http://wiki.debian.org/NvidiaGraphicsDrivers as reference documents. There is also no nvidia-glx in testing. There has been some discussion on the list recently regarding some updates to X.org video drivers, which have unfortunately caused my existing nvidia setup to no longer work, so currently I am using the "nv" driver. From the instructions it would seem my current card (Geforce FX 5200) should be supported by the "non-legacy" or regular driver. According to the testing status page ( http://bjorn.haxx.se/debian/testing.pl?package=nvidia-glx) it would seem that testing is waiting for the newer driver package, which seems to be ATM availalbe in sid/unstable. Question - is it "safe" to retry the nvidia driver at this point? Last I tried, I ended up with a fairly unusable system and had to renstall most of X and go back to using the nv driver. If that is doable, I figure it would be better to do this the "debian way" and although I posted about this before, I probably would want to go ahead and add unstable sources to my sources.list and install that way. Or, I could wait until these are available in testing, but I don't have a clue low long that would take. (In a previous thread, it was opined that it would only take a few days or so.) Hints? thanks. ------=_Part_14609_2710788.1185658724427 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I&#39;m browsing howto&#39;s at the moment and attempting to get the nvidia drivers (the non-free ones) the &quot;debian&quot; way.<br><br>There doesn&#39;t seem to be an avalable version of nvidia-kernel-source for my particular kernel (I was running 2.6.18-4-k7, but I just upgraded to 2.6.21-2-k7<br>a few moments ago. I&#39;m using http://home.comcast.net/~andrex/Debian-nVidia/,&nbsp;and&nbsp; <a href="http://wiki.debian.org/NvidiaGraphicsDrivers"> http://wiki.debian.org/NvidiaGraphicsDrivers</a> as reference documents.<br><br>There is also no nvidia-glx in testing. There has been some discussion on the list recently regarding some updates to <a href="http://X.org"> X.org</a> video drivers, which have unfortunately caused my existing nvidia setup to no longer work, so currently I am using the &quot;nv&quot; driver. From the instructions it would seem my current card (Geforce FX 5200) should be supported by the &quot;non-legacy&quot; or regular driver. <br><br>According to the testing status page (http://bjorn.haxx.se/debian/testing.pl?package=nvidia-glx) it would seem that testing is waiting for the newer driver package, which seems to be ATM availalbe in sid/unstable. <br><br>Question - is it &quot;safe&quot; to retry the nvidia driver at this point? Last I tried, I ended up with a fairly unusable system and had to renstall most of X and go back to using the nv driver.<br><br>If that is doable, I figure it would be better to do this the &quot;debian way&quot; and although I posted about this before, I probably would want to go ahead and add unstable sources to my sources.list and install that way.<br><br>Or, I could wait until these are available in testing, but I don&#39;t have a clue low long that would take. (In a previous thread, it was opined that it would only take a few days or so.) <br><br>Hints?<br><br>thanks.<br><br><br><br><br><br> ------=_Part_14609_2710788.1185658724427--

Date: Sat, 28 Jul 2007 21:53:50 +0000 From: "Michael Fothergill" <mikef20000@hotmail.com> To: debian-user@lists.debian.org Subject: Re: dumb question about aAdobe Acrobat.... Message-ID: <BAY104-F1145DA75B257D1E2137F0191EC0@phx.gbl> Content-Type: text/plain; format=flowed
>From: Douglas Allan Tutty <dtutty@porchlight.ca>
>To: debian-user@lists.debian.org
>Subject: Re: dumb question about aAdobe Acrobat....
>Date: Sat, 28 Jul 2007 16:47:24 -0400
>
>On Sat, Jul 28, 2007 at 05:45:24PM +0000, Michael Fothergill wrote:
> >
> > I tried installing Adobe Acrobat from a tarball and it doesn't seem to
> > work. It was a while ago now so I have forgotten exactly what I did and
> > didn't do.
> >
> > It seems a bit complex because it tries to put it in Iceweasel as plugin
>or
> > something and also as a stand alone program at the same time or
> > something.......
> >
> > I don't remember it being as complex as this in the past.
> >
> > At a very dumb level is there an acrobat deb file somewhere that would
>be
> > easy to install somewhere in the non free repository....?
> >
>
>Hi Michael,
>
>I see you've had quite a discussion already.
>
>What is it about brand-name Acroread that you need? I've never used it;
>I use xpdf. If I have any KDE apps installed, I'll use Kpdf. I don't
>like gnome apps so don't use evince.
Well it's rather an unusual thing. I want to file accounts for a UK Limited company I run. If you have access codes and passwords etc, then you can go on Companies House web site (http://www.companieshouse.gov.uk) and then you can submit the accounts on line. They give you a template file to download that is a pdf file. It's a bit like the UK equivalent to the Department of Corporations in California. You then edit it and put in your accounting information. As far as I can see you are meant to do this with Adobe Acrobat........... Then I guess you upload it and submit it. On Monday, I am going to see an accountant to work on the accounts. We may end up producing them on paper and posting them to Companies House via snail mail and not bothering with the web filing..... But I may try it. If I do it there then I will be doing it in a Windows type environment where Acrobat will be floating around.... I will then see more clearly what you are meant to do in this electronic filing and then figure out the best way to Debianise any trace of non-free OSes or software out of the process... I am cringing a little bit about putting my draft pdf template file downloaded from the web site on the mailing list here as a file attachment that you could examine because it contains a little private info in it,,,, But if it would help to see if other pdf software could modify it then I would do it.... In California it costs $900 to register a limited company. In the UK you can do it for $100 or less. The annual filing fee is £15 on line (I think). Nicer still would be online filing of accounts (no charge for this) using a free OS running free software to look at any pdf files and modify them...... Comments appreciated. Regards Michael Fothergill
>Yes amd64 has a couple of things that don't work because the
>closed-source apps aren't compiled for amd64. I have a chroot for a
>browser with adobe flash player.
>
>The instructions in the amd64 howto/faq for setting up a chroot worked
>reasonably well. I installed schroot so that now its simple to make a
>button for icewm that will run the browser in its chroot.
>
>Once you have an ia32 chroot, you can put anything you like into it.
>
>Good luck,
>
>Doug.
>
>
>--
>To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact
>listmaster@lists.debian.org
>
_________________________________________________________________ The next generation of Hotmail is here! http://www.newhotmail.co.uk

Date: Sat, 28 Jul 2007 14:57:33 -0700 From: Alan Ianson <agianson@gmail.com> To: debian-user@lists.debian.org Subject: Re: A question of fonts Message-Id: <200707281457.33231.agianson@gmail.com> Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline On Sat July 28 2007 14:28, andy wrote:
> Alan Ianson wrote:
> > On Sat July 28 2007 12:30, Glen Pfeiffer wrote:
> >> On 07/28/2007 12:20 PM, andy wrote:
> >>> Can I have a few recommendations please for the best fonts
> >>> package to use for a desktop machine.
> >>
> >> I have only installed one font package and have no experience
> >> with any others.
> >>
> >> msttcorefonts
> >>
> >> It is available in the debian-multimedia repository.
> >> http://www.debian-multimedia.org/
> >
> > This package is in contrib. No need for debian-multimedia for this one.
>
> I do have the latest msttcorefonts installed. It just looks crap with
> Xmms and sometimes Iceweasel seems difficult to read too. But certainly
> Xmms is the worst of the bunch.
Are you using utf-8 by chance? I haven't made the switch to utf-8 because a number of apps I use (mostly console) don't look right when I use it. This sounds similar but I don't know for sure.

Date: Sat, 28 Jul 2007 15:02:02 -0700 (PDT) From: Jeff D <fixedored@gmail.com> To: debian user <debian-user@lists.debian.org> Subject: Re: /bin/login listening? Message-ID: <Pine.LNX.4.62.0707281449380.12185@proto.technobounce.com> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed On Sat, 28 Jul 2007, Tyler Smith wrote:
> On 2007-07-28, Jeff D <fixedored@gmail.com> wrote:
>>>> [16:37:43] Warning! Process /bin/login (3888) listening
>>
>> Normally /bin/login shouldn't be listening. A couple things you could do
>> to see if it is listneing is:
>> lsof -i -n | grep LISTEN
>
> Here's what I got - no sign of /bin/login:
>
> lsof -i -n | grep LISTEN
> portmap 2578 daemon 4u IPv4 6938 TCP *:sunrpc (LISTEN)
> rpc.statd 2603 statd 8u IPv4 7009 TCP *:37381 (LISTEN)
> sshd 3026 root 3u IPv6 7668 TCP *:ssh (LISTEN)
> exim4 3385 Debian-exim 3u IPv4 7971 TCP 127.0.0.1:smtp (LISTEN)
> inetd 3661 root 4u IPv4 8254 TCP *:auth (LISTEN)
> famd 3721 tyler 3u IPv4 8323 TCP 127.0.0.1:929 (LISTEN)
> apache 3826 root 16u IPv4 9177 TCP *:www (LISTEN)
> apache 3827 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 3828 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 3829 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 3830 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 3839 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 21000 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 21001 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> apache 21002 www-data 16u IPv4 9177 TCP *:www (LISTEN)
> identd 21568 identd 0u IPv4 8254 TCP *:auth (LISTEN)
> identd 21568 identd 1u IPv4 8254 TCP *:auth (LISTEN)
> identd 21568 identd 2u IPv4 8254 TCP *:auth (LISTEN)
>
>> if it is listening, it should show up there. providing lsof hasnt been
>> comprimised.
>> if you have another machine available to you, run an nmap scan on it
>> like so:
>> nmap -sV hostname
>
> I don't have another maching available. What do you think?
>
> Cheers,
>
> Tyler
>
you could also try something like this: lsof -n -p `pidof login | sed s/\ /\,/g` or lsof -n -p 3888 ( since that is the process id that rkhunter is reporting listening) do you have nmap installed on the local machine? you could run a nmap -sV localhost against it and it should report back with something as well. you can also install the debsums package, it will do a md5sum check against installed packages. also, what version of debian are you running? Is this machine behind a firewall or do you have a firewall running on it? You may also Jeff -+- 8 out of 10 Owners who Expressed a Preference said Their Cats Preferred Techno. End of debian-user-digest Digest V2007 Issue #2052 ************************************************** Received on Sat Jul 28 18:21:52 2007

Don't know where to look next?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.debian.org Links debian-announce debian-apache debian-arm-changes debian-beowulf debian-boot debian-cd debian-cd-vendors debian-changes debian-changes-digest debian-isp debian-kde debian-laptop debian-mirrors-announce debian-news debian-security debian-security-announce debian-testing debian-user debian-user-digest Request more information about Pantek