Web Hosting Talk






PDA

View Full Version : how to uninstall chkrootkit 0.44?

terran11355@
09-26-2004, 05:27 PM
after i installed the chkrootkit 0.44, how can i uninstall this scripts?

i delete the whole folde of chkrootkit in root, but it seems doesn't work,

it still shows in ps -xa

16531 ? R 37:09 vim /etc/cron.daily/chkrootkit
16772 ? S 0:00 su -
16784 ? S 0:00 -bash
17342 ? R 29:06 vim /etc/cron.daily/chkrootkit
20271 ? S 0:00 su -
20274 ? S 0:00 -bash
20372 ? R 24:36 vim /etc/cron.daily/chkrootkit.sh



Thanks

sean
inimino
09-26-2004, 05:37 PM
Deleting that folder is exactly what you didn't want to do.

I'm assuming you installed it from source, that means you'll have to redownload the source code which you just deleted before you can uninstall it cleanly.

Those vim processes don't indicate that chrootkit is running, they indicate vim is running.

Probably you didn't log out correctly or lost your connection to SSH. Try:

# killall vim

Download the source again and read the INSTALL file which has uninstallation instructions as well.
terran11355@
09-26-2004, 05:50 PM
Originally posted by inimino
Deleting that folder is exactly what you didn't want to do.

I'm assuming you installed it from source, that means you'll have to redownload the source code which you just deleted before you can uninstall it cleanly.

Those vim processes don't indicate that chrootkit is running, they indicate vim is running.

Probably you didn't log out correctly or lost your connection to SSH. Try:

# killall vim

Download the source again and read the INSTALL file which has uninstallation instructions as well.


Thank you so much,

I deleted the whole folder and i restarted the cpanel, and it was gone.

I hope it won't run again, it used 87% cpu !

Would you please tell which shell command can check daily cron job?


sean
inimino
09-26-2004, 05:52 PM
Try this:

rm /etc/cron.daily/chkrootkit
F5Hosting
09-26-2004, 05:58 PM
It's possible it wasn't chkroot using 87% persay, it was the fact that vim (vi) was existed abnormally which is known to start chewing up cpu. This can happen generally for two reasons

1. CTRL+Z while in vi and forgetting about will cause this.

2. Losing your SSH session in the middle of editing will cause this.
terran11355@
09-26-2004, 05:59 PM
Originally posted by inimino
Try this:

rm /etc/cron.daily/chkrootkit


run this command and got errors:

cannot lstat `/etc/cron.daily/chkrootkit': No such file or directory


i think i already deleted this folder and i just want to make sure it won't run again in any time.

Thanks

sean
inimino
09-26-2004, 06:16 PM
As dgbaker says, it's most likely that it was vim using your CPU.

If the file is already missing, then you don't need to worry about the command to remove it failing :)