From: Michal Kapalka
Date: Sun, 09 Apr 2006 22:21:31 +0200
To: Vitaliy K
Cc: questions@FreeBSD.org
Subject: Re: chkrootkit

Hi

you can also use this port

/usr/ports/security/rkhunter

after the installation, update the database

rkhunter --update && rkhunter -c

Best regards

Michal Kapalka

> ͳ, questions!
>
> I badly know English, beforehand I apologize for the illiteracy.
>
> I ask the help you in the decision of my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> Has started, and has received below resulted result. I am disturbed
> with a line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `du'... not infected
> Checking `dirname'... not infected
> Checking `echo'... not infected
> Checking `egrep'... not infected
> Checking `env'... not infected
> Checking `find'... not infected
> Checking `fingerd'... not infected
> Checking `gpm'... not found
> Checking `grep'... not infected
> Checking `hdparm'... not found
> Checking `su'... not infected
> Checking `ifconfig'... not infected
> Checking `inetd'... not infected
> Checking `inetdconf'... not infected
> Checking `identd'... not found
> Checking `init'... not infected
> Checking `killall'... not infected
> Checking `ldsopreload'... not tested
> Checking `login'... not infected
> Checking `ls'... not infected
> Checking `lsof'... not found
> Checking `mail'... not infected
> Checking `mingetty'... not found
> Checking `netstat'... not infected
> Checking `named'... not infected
> Checking `passwd'... not infected
> Checking `pidof'... not found
> Checking `pop2'... not found
> Checking `pop3'... not found
> Checking `ps'... not infected
> Checking `pstree'... not found
> Checking `rpcinfo'... not infected
> Checking `rlogind'... not infected
> Checking `rshd'... not infected
> Checking `slogin'... not infected
> Checking `sendmail'... not infected
> Checking `sshd'... not infected
> Checking `syslogd'... not infected
> Checking `tar'... not infected
> Checking `tcpd'... not infected
> Checking `tcpdump'... not infected
> Checking `top'... not infected
> Checking `telnetd'... not infected
> Checking `timed'... not infected
> Checking `traceroute'... not infected
> Checking `vdir'... not found
> Checking `w'... not infected
> Checking `write'... not infected
> Checking `aliens'... no suspect files
> Searching for sniffer's logs, it may take a while... nothing found
> Searching for HiDrootkit's default dir... nothing found
> Searching for t0rn's default files and dirs... nothing found
> Searching for t0rn's v8 defaults... nothing found
> Searching for Lion Worm default files and dirs... nothing found
> Searching for RSHA's default files and dir... nothing found
> Searching for RH-Sharpe's default files... nothing found
> Searching for Ambient's rootkit (ark) default files and dirs... nothing found
> Searching for suspicious files and dirs, it may take a while... nothing found
> Searching for LPD Worm files and dirs... nothing found
> Searching for Ramen Worm files and dirs... nothing found
> Searching for Maniac files and dirs... nothing found
> Searching for RK17 files and dirs... nothing found
> Searching for Ducoci rootkit... nothing found
> Searching for Adore Worm... nothing found
> Searching for ShitC Worm... nothing found
> Searching for Omega Worm... nothing found
> Searching for Sadmind/IIS Worm... nothing found
> Searching for MonKit... nothing found
> Searching for Showtee... nothing found
> Searching for OpticKit... nothing found
> Searching for T.R.K... nothing found
> Searching for Mithra... nothing found
> Searching for OBSD rk v1... nothing found
> Searching for LOC rootkit ... nothing found
> Searching for Romanian rootkit ... nothing found
> Searching for Suckit rootkit ... nothing found
> Searching for Volc rootkit ... nothing found
> Searching for Gold2 rootkit ... nothing found
> Searching for TC2 Worm default files and dirs... nothing found
> Searching for Anonoying rootkit default files and dirs... nothing found
> Searching for ZK rootkit default files and dirs... nothing found
> Searching for ShKit rootkit default files and dirs... nothing found
> Searching for AjaKit rootkit default files and dirs... nothing found
> Searching for zaRwT rootkit default files and dirs... nothing found
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... nothing detected
> Checking `rexedcs'... not found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `w55808'... not infected
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... not infected
> Checking `z2'... nothing deleted
>
>
> Mine FreeBSD: FreeBSD server.alf-ua.com 5.2.1-RELEASE FreeBSD
> 5.2.1-RELEASE #0: Wed Jan 11 12:41:53 GMT 2006
> root@:/usr/src/sys/i386/compile/kernel_11.01.06 i386
>
> Has come home, has put same FreeBSD on a domestic computer, the same
> report, Checking `date'... INFECTED
>
> How to me to be? It is a mistake of developers of the program or yours?
>
> With impatience I wait for your answer.
>
> Beforehand thanks.
>
>
> ______________________________________
>
> Vitaliy K
>
> vitaliy@vox.com.ua
> http://www.vox.com.ua
> #icq 251618733
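
A report as long as the one quoted above is easier to review mechanically. The following POSIX shell function is an added example, not part of the original thread or of chkrootkit: it lists every test whose status is not one of the clean results seen in that report. The function names and the sample input are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage a chkrootkit report read on stdin.
# Assumes the "Checking `name'... status" / "Searching for X... status"
# layout of the report quoted above. Function names are this example's own.

bt='`'   # literal backtick, kept in a variable to avoid quoting accidents
sq="'"   # literal single quote

# Print "test<TAB>status" for every result that is not a known-clean status.
# Clean statuses are allowlisted, so unfamiliar wording is surfaced for
# review instead of being silently dropped.
chkrootkit_flagged() {
    # Drop mail-quote markers ("> ") and trailing whitespace first.
    sed -e 's/^[> ]*//' -e 's/[[:space:]]*$//' |
    while IFS= read -r line; do
        case $line in
            "Checking "*"... "*|"Searching for "*"... "*) ;;
            *) continue ;;          # continuation lines, prose, blanks
        esac
        name=${line%%"... "*}       # text before the first "... "
        status=${line#*"... "}      # text after it
        name=${name#"Checking $bt"}
        name=${name#"Searching for "}
        name=${name%"$sq"}
        name=${name% }
        case $status in
            "not infected"|"not found"|"not tested"|"nothing found"|\
            "nothing detected"|"nothing deleted"|"no suspect files"|\
            *" is not promisc") ;;
            *) printf '%s\t%s\n' "$name" "$status" ;;
        esac
    done
}

# Excerpt of the report quoted above, mail-quote markers included; the last
# line is constructed for this example and is not real chkrootkit wording.
sample_report() {
    cat <<'EOF'
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `gpm'... not found
> Searching for Suckit rootkit ... nothing found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `wted'... nothing deleted
> Checking `example'... unrecognised status text
EOF
}

sample_report | chkrootkit_flagged
```

On a live system the input would be `./chkrootkit | chkrootkit_flagged`. A listed entry is a lead to verify, not a verdict: the poster reports the same `date` result on a second machine with the same FreeBSD installed.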