chkrootkit
Michal Kapalka
michal.kapalka at gmail.com
Sun Apr 9 20:21:47 UTC 2006
Hi, you can also use this port:
/usr/ports/security/rkhunter
After the installation, update the database:
rkhunter --update && rkhunter -c
Best regards, Michal Kapalka
> Hi, questions!
>
> I badly know English, beforehand I apologize for the illiteracy.
>
> I ask the help you in the decision of my problem.
>
> I have loaded program stock-takings rootkit from a site
> http://www.chkrootkit.org/.
>
> Has started, and has received below resulted result. I am disturbed
> with a line Checking `date'... INFECTED
>
> # ./chkrootkit
> ROOTDIR is `/'
> Checking `amd'... not infected
> Checking `basename'... not infected
> Checking `biff'... not infected
> Checking `chfn'... not infected
> Checking `chsh'... not infected
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `du'... not infected
> Checking `dirname'... not infected
> Checking `echo'... not infected
> Checking `egrep'... not infected
> Checking `env'... not infected
> Checking `find'... not infected
> Checking `fingerd'... not infected
> Checking `gpm'... not found
> Checking `grep'... not infected
> Checking `hdparm'... not found
> Checking `su'... not infected
> Checking `ifconfig'... not infected
> Checking `inetd'... not infected
> Checking `inetdconf'... not infected
> Checking `identd'... not found
> Checking `init'... not infected
> Checking `killall'... not infected
> Checking `ldsopreload'... not tested
> Checking `login'... not infected
> Checking `ls'... not infected
> Checking `lsof'... not found
> Checking `mail'... not infected
> Checking `mingetty'... not found
> Checking `netstat'... not infected
> Checking `named'... not infected
> Checking `passwd'... not infected
> Checking `pidof'... not found
> Checking `pop2'... not found
> Checking `pop3'... not found
> Checking `ps'... not infected
> Checking `pstree'... not found
> Checking `rpcinfo'... not infected
> Checking `rlogind'... not infected
> Checking `rshd'... not infected
> Checking `slogin'... not infected
> Checking `sendmail'... not infected
> Checking `sshd'... not infected
> Checking `syslogd'... not infected
> Checking `tar'... not infected
> Checking `tcpd'... not infected
> Checking `tcpdump'... not infected
> Checking `top'... not infected
> Checking `telnetd'... not infected
> Checking `timed'... not infected
> Checking `traceroute'... not infected
> Checking `vdir'... not found
> Checking `w'... not infected
> Checking `write'... not infected
> Checking `aliens'... no suspect files
> Searching for sniffer's logs, it may take a while... nothing found
> Searching for HiDrootkit's default dir... nothing found
> Searching for t0rn's default files and dirs... nothing found
> Searching for t0rn's v8 defaults... nothing found
> Searching for Lion Worm default files and dirs... nothing found
> Searching for RSHA's default files and dir... nothing found
> Searching for RH-Sharpe's default files... nothing found
> Searching for Ambient's rootkit (ark) default files and dirs... nothing found
> Searching for suspicious files and dirs, it may take a while... nothing found
> Searching for LPD Worm files and dirs... nothing found
> Searching for Ramen Worm files and dirs... nothing found
> Searching for Maniac files and dirs... nothing found
> Searching for RK17 files and dirs... nothing found
> Searching for Ducoci rootkit... nothing found
> Searching for Adore Worm... nothing found
> Searching for ShitC Worm... nothing found
> Searching for Omega Worm... nothing found
> Searching for Sadmind/IIS Worm... nothing found
> Searching for MonKit... nothing found
> Searching for Showtee... nothing found
> Searching for OpticKit... nothing found
> Searching for T.R.K... nothing found
> Searching for Mithra... nothing found
> Searching for OBSD rk v1... nothing found
> Searching for LOC rootkit ... nothing found
> Searching for Romanian rootkit ... nothing found
> Searching for Suckit rootkit ... nothing found
> Searching for Volc rootkit ... nothing found
> Searching for Gold2 rootkit ... nothing found
> Searching for TC2 Worm default files and dirs... nothing found
> Searching for Anonoying rootkit default files and dirs... nothing found
> Searching for ZK rootkit default files and dirs... nothing found
> Searching for ShKit rootkit default files and dirs... nothing found
> Searching for AjaKit rootkit default files and dirs... nothing found
> Searching for zaRwT rootkit default files and dirs... nothing found
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... nothing detected
> Checking `rexedcs'... not found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `w55808'... not infected
> Checking `wted'... nothing deleted
> Checking `scalper'... not infected
> Checking `slapper'... not infected
> Checking `z2'... nothing deleted
>
>
> Mine FreeBSD: FreeBSD server.alf-ua.com 5.2.1-RELEASE FreeBSD
> 5.2.1-RELEASE #0: Wed Jan 11 12:41:53 GMT 2006
> root@:/usr/src/sys/i386/compile/kernel_11.01.06 i386
>
> Has come home, has put same FreeBSD on a domestic computer, the same
> report, Checking `date'... INFECTED
>
> How to me to be? It is a mistake of developers of the program or yours?
>
> With impatience I wait for your answer.
>
> Beforehand thanks.
>
>
> ______________________________________
>
> Vitaliy K
>
> vitaliy at vox.com.ua
> http://www.vox.com.ua
> #icq 251618733
>
>
>
>
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
>
>
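A report as long as the one quoted above is easier to act on once the clean results are filtered out. The following is an added example, not part of the original thread and not chkrootkit's or rkhunter's own code: a POSIX shell function (the names `triage_chkrootkit` and `sample_report` are hypothetical) that lists only the tests that were flagged, skipped, or returned a status it does not recognise. The status strings are the ones visible in the quoted output, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: reduce chkrootkit output to the lines that need a second look.

# Constructed sample modelled on the quoted report, including the "> "
# mail-quote prefix and a continuation line from the sniffer test.
sample_report() {
cat <<'EOF'
> ROOTDIR is `/'
> Checking `cron'... not infected
> Checking `date'... INFECTED
> Checking `gpm'... not found
> Checking `ldsopreload'... not tested
> Searching for Adore Worm... nothing found
> Checking `sniffer'... rl0 is not promisc
> plip0 is not promisc
> Checking `wted'... nothing deleted
EOF
}

# Reads a report on stdin and prints "<class><TAB><test><TAB><status>" for
# every test that is not clearly clean. Returns 1 if any test is FLAGGED.
triage_chkrootkit() {
    awk '
    { sub(/^(> ?)+/, "") }                  # drop mail-quote prefixes
    /^(Checking|Searching) / {
        i = index($0, "... ")
        if (i == 0) next
        name = substr($0, 1, i - 1)
        status = substr($0, i + 4)
        if (name ~ /^Checking `/) {         # keep only the quoted test name
            sub(/^Checking `/, "", name)
            sub(/.$/, "", name)
        }
        sub(/ +$/, "", name)
        if (status ~ /INFECTED/)         { class = "FLAGGED"; flagged = 1 }
        else if (status ~ /^not tested/) class = "UNVERIFIED"
        else if (status ~ /^(not infected|not found|nothing |no suspect)/ ||
                 status ~ /is not promisc$/) next
        else                             class = "UNRECOGNISED"
        printf "%s\t%s\t%s\n", class, name, status
    }
    END { exit flagged + 0 }
    '
}

sample_report | triage_chkrootkit || echo "flagged tests listed above need review" >&2
```

A FLAGGED line only says which test to examine next; it does not tell whether the result is a real compromise or a mismatch between the checker and the platform's binary.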