| View previous topic :: View next topic |
| Author |
Message |
ddaas
Tux's lil' helper
Joined: 28 Feb 2005
Posts: 106
Location: Germany
|
 Posted: Sat Apr 16, 2005 8:35 pm Post subject: help me to understand the output of chkrootkit |
 |
|
The output of chkrootkit -q is:
/usr/lib/perl5/5.8.5/i386-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/auto/DCOP/.packlist /usr/lib/perl5/vendor_perl/5.8.3/i386-linux-thread-multi/auto/NKF/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/Gaim/.packlist /usr/lib/perl5/vendor_perl/5.8.5/i386-linux-thread-multi/auto/mod_perl/.packlist /usr/lib/qt-3.3/etc/settings/.qtrc.lock /usr/lib/qt-3.3/etc/settings/.qt_plugins_3.3rc.lock /lib/modules/2.6.9-1.667/build/.config /lib/modules/2.6.9-1.667/build/scripts/genksyms/.lex.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.parse.o.cmd /lib/modules/2.6.9-1.667/build/scripts/genksyms/.genksyms.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.zconf.tab.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.conf.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.mconf.o.cmd /lib/modules/2.6.9-1.667/build/scripts/kconfig/.libkconfig.so.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.empty.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.file2alias.o.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.modpost.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.mk_elfconfig.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.elfconfig.h.cmd /lib/modules/2.6.9-1.667/build/scripts/mod/.sumversion.o.cmd /lib/modules/2.6.9-1.667/build/scripts/.conmakehash.cmd /lib/modules/2.6.9-1.667/build/scripts/.pnmtologo.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.docproc.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.split-include.cmd /lib/modules/2.6.9-1.667/build/scripts/basic/.fixdep.cmd /lib/modules/2.6.9-1.667/build/scripts/.kallsyms.cmd
ppp0: PF_PACKET(/sbin/pppoe, /snort/bin/snort)
The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 2696 tty4 /sbin/mingetty tty4
! root 2709 tty5 /sbin/mingetty tty5
! root 2817 tty6 /sbin/mingetty tty6
1) That are those files from lib?
2) Is there something wrong with ttys?
Thanks |
|
| Back to top |
|
 |
Apreche
Guru
Joined: 18 Sep 2003
Posts: 506
Location: Beacon, NY
|
| Posted: Sun Apr 17, 2005 2:13 am Post subject: |
|
|
| It looks like you have mingettys running on ttys 4, 5 and 6 but that you don't actually have ttys 4, 5 and 6. Press ctrl+alt+f4/5/6 to see if those ttys are real. There could be something wrong with your ttys or those mingettys are actually fake processes that chkrootkit has recognized. |
|
| Back to top |
|
|
ddaas
Tux's lil' helper
Joined: 28 Feb 2005
Posts: 106
Location: Germany
|
| Posted: Sun Apr 17, 2005 8:41 am Post subject: |
|
|
Those ttys are real. What do you think?
and what about those libs that are shown by chkrootkit? |
|
| Back to top |
|
|
|
Networking & Security
