ar_it Apprentice
Joined: 25 Feb 2006 Posts: 212 Location: Poland/Warsaw
|
Posted: Mon Jan 22, 2007 11:56 pm Post subject: [SECURITY]Checking `init'... INFECTED |
|
|
Hello
I scanned my system with chkrootkit and I get something like this
Code: |
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... INFECTED
Checking `killall'... not infected
Checking `ldsopreload'... not infected
Checking `login'... not infected
Checking `ls'... not infected
####snip#########
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! root 4480 tty7 /usr/bin/X -br -nolisten tcp :0 vt7 -auth /var/run/xauth/A:0-0MEdLV
! lukasz 3580 pts/1 /bin/bash
! lukasz 3615 pts/2 /bin/bash
! root 4430 pts/1 su
! root 4463 pts/1 bash
! root 29040 pts/2 su
! root 29058 pts/2 bash
! root 30846 pts/1 /bin/sh /usr/sbin/chkrootkit
! root 32416 pts/1 /usr/sbin/chkutmp
! root 32417 pts/1 ps ax -o tty,pid,ruser,args
chkutmp: nothing deleted
|
Does anyone happen to know what this might be about??
P.S.
rkhunter gives these results
Code: |
rkhunter -c
Rootkit Hunter 1.2.8 is running
Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Skipped!
####snip######
* Trojan specific characteristics
shv4
Checking /etc/rc.d/rc.sysinit [ Not found ]
Checking /etc/inetd.conf [ Not found ]
Checking /etc/xinetd.conf [ Skipped ]
####snip######
---------------------------- Scan results ----------------------------
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0
File scan
Scanned files: 342
Possible infected files: 0
Application scan
Vulnerable applications: 0
Scanning took 137 seconds
|
I would be grateful for any help _________________ ar_it
https://www.teamquest.pl/ |
|
|
|
brodi Tux's lil' helper
Joined: 29 Nov 2004 Posts: 100 Location: EU, Poland, Lodz
|
Posted: Tue Jan 23, 2007 4:38 pm Post subject: |
|
|
Hi,
Are you perhaps using portsentry or something along those lines? I know that this kind of software can confuse chkrootkit..
Regards _________________ Łukasz
"Linux - because it works!" |
|
|
|
ar_it Apprentice
Joined: 25 Feb 2006 Posts: 212 Location: Poland/Warsaw
|
Posted: Tue Jan 23, 2007 7:57 pm Post subject: |
|
|
_lucas_ wrote: | Hi,
Are you perhaps using portsentry or something along those lines? I know that this kind of software can confuse chkrootkit..
Regards |
This is a home machine - there is no portsentry or anything along those lines on it. _________________ ar_it
https://www.teamquest.pl/ |
|
|
|
|