From chkrootkit:
Checking `bindshell'... INFECTED (PORTS: 1008)
Checking `lkm'... chkproc: nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
Checking `w55808'... not infected
Checking `wted'... chkwtmp: nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... chklastlog: nothing deleted
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! proteus 5789 pts/0 bash
! root 5798 pts/0 su
! root 5799 pts/0 bash
! root 5801 pts/0 /bin/sh ./chkrootkit
! root 7398 pts/0 ./chkutmp
! root 7399 pts/0 ps ax -o tty,pid,ruser,args
chkutmp: nothing deleted
Okay... What do I do about this? And how the hell did I get the damn thing? I use a good NAT router, and never run sshd...
Also, some weird stuff, again from chkrootkit:
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/current/i686-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/XML/Parser/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/Image/Magick/.packlist
And in case you ask: yes, I scan regularly with chkrootkit. It's a habit from the bad old days of Win98 usage, when I used AVG and F-Prot for DOS...
Offline
.
..
...
Searching for suspicious files and dirs, it may take a while...
/usr/lib/perl5/current/i686-linux-thread-multi/auto/Gaim/.packlist /usr/lib/perl5/current/i686-linux-thread-multi/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/Gtk/Gdk/Pixbuf/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/Gtk/Gdk/ImlibImage/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/Gtk/base/.packlist /usr/lib/perl5/site_perl/current/i686-linux-thread-multi/auto/Image/Magick/.packlist
...
...
....
Checking `chkutmp'... The tty of the following user process(es) were not found
in /var/run/utmp !
! RUID PID TTY CMD
! ryan 26750 pts/0 su -
! root 26751 pts/0 -bash
! root 26843 pts/0 /bin/sh ./chkrootkit
! root 28405 pts/0 ./chkutmp
! root 28406 pts/0 ps ax -o tty,pid,ruser,args
chkutmp: nothing deleted
Maybe it has to do with the updated chkrootkit...?
Offline
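The chkutmp output quoted in the two posts above comes from one idea: run `ps ax -o tty,pid,ruser,args` and flag every process whose tty has no login record in /var/run/utmp. The script below is an added example, a simplified re-implementation of that cross-check and not chkrootkit's own code; it assumes a 64-bit Linux glibc utmp layout, and the utmp record and ps listing it checks are constructed inline from the figures in the first post.

```python
import struct

# glibc x86_64 layout of struct utmp (384 bytes). Assumption: 64-bit Linux.
UTMP_FMT = "hi32s4s32s256shhiii4i20x"
USER_PROCESS = 7  # ut_type value for a logged-in user session

def parse_utmp_ttys(raw: bytes) -> set[str]:
    """Return the ttys (ut_line) of every USER_PROCESS record in raw utmp data."""
    size = struct.calcsize(UTMP_FMT)
    ttys = set()
    for off in range(0, len(raw) - size + 1, size):
        ut_type, _pid, line, *_ = struct.unpack_from(UTMP_FMT, raw, off)
        if ut_type == USER_PROCESS:
            ttys.add(line.rstrip(b"\0").decode(errors="replace"))
    return ttys

def make_utmp_entry(tty: str, user: str, pid: int) -> bytes:
    """Constructed USER_PROCESS record, used here only to build sample input."""
    return struct.pack(UTMP_FMT, USER_PROCESS, pid, tty.encode(), tty[-4:].encode(),
                       user.encode(), b"", 0, 0, 0, 0, 0, 0, 0, 0, 0)

def find_orphan_ttys(ps_output: str, utmp_ttys: set[str]) -> list[tuple[str, int, str, str]]:
    """Mimic chkutmp: list processes whose tty has no utmp login entry.
    ps_output is the text of `ps ax -o tty,pid,ruser,args` (header included)."""
    flagged = []
    for line in ps_output.splitlines()[1:]:
        parts = line.split(None, 3)
        if len(parts) < 4 or parts[0] == "?":   # no controlling tty: not checked
            continue
        tty, pid, ruser, cmd = parts
        if tty not in utmp_ttys:
            flagged.append((ruser, int(pid), tty, cmd))
    return flagged

# Constructed ps listing, modelled on the PIDs in the first post's output.
PS_SAMPLE = """TT PID RUSER COMMAND
? 1 root init
pts/0 5789 proteus bash
pts/0 5798 root su
pts/0 5799 root bash
pts/0 5801 root /bin/sh ./chkrootkit
"""

if __name__ == "__main__":
    # Live check: /var/run/utmp may be absent on newer systems, hence the guard.
    import os, subprocess
    if os.path.exists("/var/run/utmp"):
        with open("/var/run/utmp", "rb") as f:
            live = parse_utmp_ttys(f.read())
        ps = subprocess.run(["ps", "ax", "-o", "tty,pid,ruser,args"],
                            capture_output=True, text=True, check=True).stdout
        for ruser, pid, tty, cmd in find_orphan_ttys(ps, live):
            print(f"! {ruser} {pid} {tty} {cmd}")
```

With a utmp that records the login on tty1 only (a terminal that never wrote a pts/0 entry), every process on pts/0, including the user's own shell and chkrootkit itself, is reported, which is the benign pattern shown in the thread; once pts/0 has a utmp record nothing is flagged.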
Okay, looks like this was a false alarm... I scanned again, twice, and I got the okay for bindshell. Damned if I know what was going on there...
Of course, now I have this:
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
WTF is that about? :?
Offline
Practically, that means that there's no sniffer attached to it. In other words: It couldn't be in a less suspicious state.
Offline
Ahh... Thanks.
(Sorry about this... Win98 taught me to be paranoid, but I'm not all that knowledgeable about Linux security.)
Offline
Ahh... Thanks.
(Sorry about this... Win98 taught me to be paranoid, but I'm not all that knowledgeable about Linux security.)
Hey, all Windows taught me was to be paranoid.... Linux has got great security. That's why I ditched it altogether 7 months ago and never turned back.
Offline
Just don't forget to make your daily backup; whether it's broken hardware or exploits, it's better to have a backup ready.
Offline
What do you use for a backup program? I thought of using hdup, but it looked like I had to have a separate machine to back up onto (didn't look too much into it, though). I just need to back up onto my other hard drive.
Offline
I just use a script to back up /etc. Guess you could keep a list of currently installed packages; it'd be easy to reinstall Arch with that list and the /etc backup, eh?
Offline
Re backups: I hear mondorescue is good.
Re chkrootkit: this has been known to show false positives sometimes. Maybe also run rootkithunter at the same time.
Offline
What do you use for a backup program?
I use hdup. You can back up to anywhere you want.
Offline
What do you use for a backup program?
We use Box Backup (there is a user-contributed build in the AUR).
It's pretty simple to set up and use and has a rolling snapshot backup.
Chris....
Offline
What do you use for a backup program?
We use bacula for tape or for hard drive backup. It does pretty much everything we need done.
Offline