| View previous topic :: View next topic |
| Author |
Message |
schmeggahead
Guru
Joined: 25 Feb 2003
Posts: 314
Location: Columbus, Ohio
|
 Posted: Sun Dec 16, 2007 5:21 pm Post subject: chkrootkit show missing ttys |
 |
|
On my machines, occasionally I receive this from chkrootkit:
| Code: |
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! user1 15327 pts/0 -bash
! root 15332 pts/0 su -
! root 15333 pts/0 -su
! root 15338 pts/0 screen
|
It seems to be when I have screen running and/or when I have sshd running
I don't believe this is a problem but I don't have a good explanation of why it is happening.
Thanks, |
|
| Back to top |
|
 |
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9932
Location: almost Mile High in the USA
|
| Posted: Mon Dec 17, 2007 4:48 pm Post subject: |
|
|
if you can account for them, likely that was due to running screen non-suid/sgid and thus unable to update utmp. If it is sgid/suid as needed, then likely the utmp handling code in screen is fubar and should deep re-emerge it.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
| Back to top |
|
|
|
Networking & Security
