Date: Sun, 09 Apr 2006 22:21:31 +0200
From: Michal Kapalka <michal.kapalka@gmail.com>
To: Vitaliy K <vitaliy@vox.com.ua>
Cc: questions@FreeBSD.org
Subject: Re: chkrootkit
Message-ID: <44396CCB.6000703@gmail.com>
In-Reply-To: <1788496101.20060409203951@alf-ua.com>
References: <1788496101.20060409203951@alf-ua.com>

Hi

you can use also this port

/usr/ports/security/rkhunter

after the installation update the database

rkhunter --update && rkhunter -c

Best regards

Michal Kapalka

> ͳ, questions!
>
> I badly know English, beforehand I apologize for the illiteracy.
>
> I ask the help you in the decision of my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> Has started, and has received below resulted result. I am disturbed
> with a line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `du'... not infected
> Checking `dirname'... not infected
> Checking `echo'... not infected
> Checking `egrep'... not infected
> Checking `env'... not infected
> Checking `find'... not infected
> Checking `fingerd'... not infected
> Checking `gpm'... not found
> Checking `grep'... not infected
> Checking `hdparm'... not found
> Checking `su'... not infected
> Checking `ifconfig'... not infected
> Checking `inetd'... not infected
> Checking `inetdconf'... not infected
> Checking `identd'... not found
> Checking `init'... not infected
> Checking `killall'... not infected
> Checking `ldsopreload'... not tested
> Checking `login'... not infected
> Checking `ls'... not infected
> Checking `lsof'... not found
> Checking `mail'... not infected
> Checking `mingetty'... not found
> Checking `netstat'... not infected
> Checking `named'... not infected
> Checking `passwd'... not infected
> Checking `pidof'... not found
> Checking `pop2'... not found
> Checking `pop3'... not found
> Checking `ps'... not infected
> Checking `pstree'... not found
> Checking `rpcinfo'... not infected
> Checking `rlogind'... not infected
> Checking `rshd'... not infected
> Checking `slogin'... not infected
> Checking `sendmail'... not infected
> Checking `sshd'... not infected
> Checking `syslogd'... not infected
> Checking `tar'... not infected
> Checking `tcpd'... not infected
> Checking `tcpdump'... not infected
> Checking `top'... not infected
> Checking `telnetd'... not infected
> Checking `timed'... not infected
> Checking `traceroute'... not infected
> Checking `vdir'... not found
> Checking `w'... not infected
> Checking `write'... not infected
> Checking `aliens'... no suspect files
> Searching for sniffer's logs, it may take a while... nothing found
> Searching for HiDrootkit's default dir... nothing found
> Searching for t0rn's default files and dirs... nothing found
> Searching for t0rn's v8 defaults... nothing found
> Searching for Lion Worm default files and dirs... nothing found
> Searching for RSHA's default files and dir... nothing found
> Searching for RH-Sharpe's default files... nothing found
> Searching for Ambient's rootkit (ark) default files and dirs... nothing found
> Searching for suspicious files and dirs, it may take a while... nothing found
> Searching for LPD Worm files and dirs... nothing found
> Searching for Ramen Worm files and dirs... nothing found
> Searching for Maniac files and dirs... nothing found
> Searching for RK17 files and dirs... nothing found
> Searching for Ducoci rootkit... nothing found
> Searching for Adore Worm... nothing found
> Searching for ShitC Worm... nothing found
> Searching for Omega Worm... nothing found
> Searching for Sadmind/IIS Worm... nothing found
> Searching for MonKit... nothing found
> Searching for Showtee... nothing found
> Searching for OpticKit... nothing found
> Searching for T.R.K... nothing found
> Searching for Mithra... nothing found
> Searching for OBSD rk v1... nothing found
> Searching for LOC rootkit ... nothing found
> Searching for Romanian rootkit ... nothing found
> Searching for Suckit rootkit ... nothing found
> Searching for Volc rootkit ... nothing found
> Searching for Gold2 rootkit ... nothing found
> Searching for TC2 Worm default files and dirs... nothing found
> Searching for Anonoying rootkit default files and dirs... nothing found
> Searching for ZK rootkit default files and dirs... nothing found
> Searching for ShKit rootkit default files and dirs... nothing found
> Searching for AjaKit rootkit default files and dirs... nothing found
> Searching for zaRwT rootkit default files and dirs... nothing found
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... nothing detected
> Checking `rexedcs'... not found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `w55808'... not infected
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... not infected
> Checking `z2'... nothing deleted
>
>
> Mine FreeBSD: FreeBSD server.alf-ua.com 5.2.1-RELEASE FreeBSD
> 5.2.1-RELEASE #0: Wed Jan 11 12:41:53 GMT 2006
> root@:/usr/src/sys/i386/compile/kernel_11.01.06 i386
>
> Has come home, has put same FreeBSD on a domestic computer, the same
> report, Checking `date'... INFECTED
>
> How to me to be? It is a mistake of developers of the program or yours?
>
> With impatience I wait for your answer.
>
> Beforehand thanks.
>
>
> ______________________________________
>
> Vitaliy K
>
> vitaliy@vox.com.ua
> http://www.vox.com.ua
> #icq 251618733
>
>
>
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>
>
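
Added example, not part of the thread and not code from chkrootkit or rkhunter: the original poster compared the report from the server with one from a freshly installed machine by eye, and this sketch does the same comparison on two saved reports. The function name classify, the file names and the `ls' hit in the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the INFECTED results of two saved chkrootkit
# reports, one from the host in question and one from a freshly installed
# host running the same release.

# classify SUSPECT_REPORT BASELINE_REPORT
# Prints "both NAME" when a test is INFECTED in both reports and
# "suspect-only NAME" when only the suspect host's report flags it.
classify() {
    # Result lines look like:  Checking `date'... INFECTED
    # Splitting on ` and ' puts the test name in field 2 and the verdict
    # in field 3. The baseline report is read first (pass=1).
    awk -F"[\`']" '
        $1 != "Checking " || $3 !~ /^\.\.\. INFECTED/ { next }
        pass == 1 { baseline[$2] = 1; next }
        {
            tag = ($2 in baseline) ? "both" : "suspect-only"
            print tag, $2
        }
    ' pass=1 "$2" pass=2 "$1"
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample reports. The `date' line is the one quoted in the
# thread; the `ls' hit is invented here to show a suspect-only result.
cat > "$demo_dir/suspect.txt" <<'EOF'
ROOTDIR is `/'
Checking `cron'... not infected
Checking `date'... INFECTED
Checking `ls'... INFECTED
Checking `lsof'... not found
EOF
cat > "$demo_dir/baseline.txt" <<'EOF'
ROOTDIR is `/'
Checking `cron'... not infected
Checking `date'... INFECTED
Checking `ls'... not infected
EOF

classify "$demo_dir/suspect.txt" "$demo_dir/baseline.txt"
```

A test reported as "both" is flagged on the clean install as well, so it says more about the check than about the server; a "suspect-only" test is the one to examine first.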